CVE-2021-29461 — HIGH (8.1)

Vulnerability Description

Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Demon1A	Discord-Recon	0.0.2

Related Weaknesses (CWE)

CWE-94 CWE-88

References

https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83xThird Party Advisory
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83xThird Party Advisory

FAQ

What is CVE-2021-29461?

CVE-2021-29461 is a vulnerability with a CVSS score of 8.1 (HIGH). Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files fr...

How severe is CVE-2021-29461?

CVE-2021-29461 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-29461?

Check the references section above for vendor advisories and patch information. Affected products include: Demon1A Discord-Recon.