Vulnerability Information
Vulnerability Title
Bot token exposed in main.py
Vulnerability Description
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and a new version is already running on the server. As of the time of publication, the maintainers are planning to update the code to reflect this change at a later date.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Use of Hard-coded Credentials
Vulnerability Title
Pudding-Bot Trust Management Issue Vulnerability
Vulnerability Description
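Pudding-Bot is a replacement for Rose Bot. Pudding-Bot has a security vulnerability that stems from the bot token being publicly exposed in main.py, which allows malicious actors to access it.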
CVSS Information
N/A
Vulnerability Type
N/A