CVE-2022-36024

2022-08-1815:15:26

CWE-862

CWE-284

GitHub_M

web.nvd.nist.gov

306

py-cord

discord

python

api wrapper

cve-2022-36024

remote shutdown

vulnerability

patch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.8%

JSON

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Affected configurations

Nvd

Vulners

Node

pycord_developmentpycordMatch2.0.0discord

VendorProductVersionCPE
pycord_developmentpycord2.0.0cpe:2.3:a:pycord_development:pycord:2.0.0:*:*:*:*:discord:*:*

Vendor	Product	Version	CPE
pycord_development	pycord	2.0.0	cpe:2.3:a:pycord_development:pycord:2.0.0:::::discord::

CNA Affected

[
  {
    "product": "pycord",
    "vendor": "Pycord-Development",
    "versions": [
      {
        "status": "affected",
        "version": "= 2.0.0"
      }
    ]
  }
]