CVE-2021-29493

Beschreibung:
Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable.

CWE: CWE-94

CVSS-Bewertung
CVSS 2: HIGH – 7.5 (Version: 2.0)
CVSS 3: CRITICAL – 9.8 (Version: 3.1)

Links:

NVD – CVE-2021-29493
CVE – CVE-2021-29493

Link (max. 20) Quelle Tags
https://github.com/kennnyshiwa/kennnyshiwa-cogs/security/advisories/GHSA-f4j2-2cwr-h473 CONFIRM Exploit Third Party Advisory
https://apps.apple.com/us/app/ewelink-smart-home/id1035163158 MISC Release Notes Vendor Advisory
https://play.google.com/store/apps/details?id=com.coolkit&hl=en_US MISC Exploit Third Party Advisory

Quelle: NVD – CVE-2021-29493
Datum Veröffentlichung: 2021-05-06T20:15Z, Datum letzte Änderung: 2021-05-07T09:31Z