admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-36024.md

19 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-36024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36024)
![](https://img.shields.io/static/v1?label=Product&message=pycord&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%3A%20Missing%20Authorization&color=brighgreen)
### Description
py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/LDH0094/security-vulnerability-py-cord
Reference in New Issue Copy Permalink