CVE-2021-29466
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file app.py and add .replace('..', '') into the Path variable inside of the recon function. The vulnerability is patched in version 0.0.4.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DEMON1A | Discord-Recon | <= 0.0.3 | affected |
Weaknesses
- CWE-24: CWE-24 Path Traversal: '../filedir'
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.