CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
32.8%
py-cord is a an API wrapper for Discord written in Python. Bots using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands
scope without the bot
scope. Currently, it appears that all public bots that use slash commands are affected.
This issue has been patched in version 2.0.1.
There are currently no recommended workarounds - please upgrade to a patched version.
https://github.com/Pycord-Development/pycord/pull/1568
If you have any questions or comments about this advisory: