Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Contact to DisCatSharp-owned server using authenticated client
Vulnerability Description
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by DisCatSharp's development team. The tokens were not logged, yet it is still advisable to reset the tokens of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to `BaseDiscordClient.LibraryDeveloperTeam`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
DisCatSharp 信息泄露漏洞
Vulnerability Description
DisCatSharp是一个可爱的 Discord API 包装器。 DisCatSharp 9.8.5版本、9.8.6版本、9.9.0版本、10.0.0预发行版本存在信息泄露漏洞,该漏洞源于使用了两个RequireDisCatSharpDeveloperAttribute或BaseDiscordClient.LibraryDeveloperTeam中的一个,会将其bot令牌发送到与Discord无关的web服务器上。
CVSS Information
N/A
Vulnerability Type
N/A