Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution
Vulnerability Description
py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
Pycord 安全漏洞
Vulnerability Description
Pycord是Pycord Development开源的一个现代的、易于使用的、功能丰富的、异步就绪的 API 包装器。 Pycord 2.0.1之前版本存在安全漏洞,该漏洞源于允许用户远程关闭在 pycord 上运行的机器人,方法是将其添加到具有application.commands范围而不是bot范围的不和谐服务器,然后在该服务器中执行命令。
CVSS Information
N/A
Vulnerability Type
N/A