CVE-2021-29466
Path Traversal at Discord-Recon .recon Command Path
- Severity Score
- Exploit Likelihood
- Affected Versions
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace('..', '')` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-03-30 CVE Reserved
- 2021-04-22 CVE Published
- 2024-01-05 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-24: Path Traversal: '../filedir'
CAPEC
References (1)
URL | Tag | Source
---|---|---
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-p2pw-8xwf-879g | Mitigation | 
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Discord | Discord-recon | < 0.0.4 | - | Affected