History: Nov 05, 2021 - 10:45 p.m.

CVE-2021-41250 Presence of non-blacklisted URL bypasses all other filters

2021-11-05 22:45:11
CWE-20
GitHub_M
www.cve.org
cve-2021-41250
non-blacklisted url
filter bypass
python discord bot

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 5
Confidence: High

EPSS: 0.001
Percentile: 19.4%

Python discord bot is the community bot for the Python Discord community. In affected versions, when a non-blacklisted URL and an otherwise triggering filter token are included in the same message, the token filter does not trigger. This means that by including any non-blacklisted URL, moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0.

CNA Affected

[
  {
    "product": "bot",
    "vendor": "python-discord",
    "versions": [
      {
        "status": "affected",
        "version": "< 67390298852513d13e0213870e50fb3cff1424e0"
      }
    ]
  }
]
