Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote code execution in the WarnSystem module of Laggrons-Dumb-Cogs
Vulnerability Description
WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Laggrons-Dumb-Cogs 代码注入漏洞
Vulnerability Description
Laggrons-Dumb-Cogs是一个应用软件。提供一个Laggron的Dumb Cogs的存储库。 Laggrons-Dumb-Cogs 存在代码注入漏洞。该漏洞源于程序中的WarnSystem插件允许任何用户通过设置未正确清理的特定模板来访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A