CVE-2022-36024 — HIGH (7.5)

Vulnerability Description

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pycord Development	Pycord	2.0.0

Related Weaknesses (CWE)

CWE-284 CWE-862

References

https://github.com/Pycord-Development/pycord/pull/1568PatchThird Party Advisory
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-Third Party Advisory
https://github.com/Pycord-Development/pycord/pull/1568PatchThird Party Advisory
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-Third Party Advisory

FAQ

What is CVE-2022-36024?

CVE-2022-36024 is a vulnerability with a CVSS score of 7.5 (HIGH). py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` s...

How severe is CVE-2022-36024?

CVE-2022-36024 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36024?

Check the references section above for vendor advisories and patch information. Affected products include: Pycord Development Pycord.