Lucene search

[email protected]NVD:CVE-2022-36024

HistoryAug 18, 2022 - 3:15 p.m.

CVE-2022-36024

2022-08-1815:15:26

CWE-862

CWE-284

[email protected]

web.nvd.nist.gov

py-cord

discord

api

vulnerability

python

remote shutdown

scope

slash commands

patch

upgrade

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.8%

JSON

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Affected configurations

Nvd

Node

pycord_developmentpycordMatch2.0.0discord

VendorProductVersionCPE
pycord_developmentpycord2.0.0cpe:2.3:a:pycord_development:pycord:2.0.0:*:*:*:*:discord:*:*

Vendor	Product	Version	CPE
pycord_development	pycord	2.0.0	cpe:2.3:a:pycord_development:pycord:2.0.0:::::discord::

References

github.com/Pycord-Development/pycord/pull/1568

github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.8%

JSON

Related for NVD:CVE-2022-36024

cve1 prion1 osv2 cvelist1 github1 veracode1