CVE-2021-29502
7.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Summary
WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type !warnsysteminfo to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the !warnset description command globally.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| retke | Laggrons-Dumb-Cogs | < 1.3.18 | affected |
Weaknesses
- CWE-74: {"CWE-74":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m9wq
- https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8
References
- https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m9wq
- https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.