Lucene search

GitHub_MCVELIST:CVE-2021-29461

HistoryApr 20, 2021 - 7:45 p.m.

CVE-2021-29461 LFI and possible code execution on discord-recon using tools arguments

2021-04-2019:45:18

CWE-94

GitHub_M

www.cve.org

discord recon server

lfi vulnerability

code execution

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Discord Recon Server is a bot that allows one to do one’s reconnaissance process from one’s Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from assets/CommandInjection.py in the Discord Recon Server code repository and overwrite vulnerable code from one’s own Discord Recon Server implementation with code that contains the patch.

CNA Affected

[
  {
    "product": "Discord-Recon",
    "vendor": "DEMON1A",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.0.3"
      }
    ]
  }
]

References

github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83x

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Related for CVELIST:CVE-2021-29461