Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Natro Macro: Malicious actions allowed through Discord RC Commands by any user
Vulnerability Description
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This includes keyboard and mouse inputs and full file access. This issue has been patched in version 1.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
NatroMacro 代码问题漏洞
Vulnerability Description
NatroMacro是Natro Team开源的一个游戏的自动化脚本工具。 NatroMacro 1.1.0之前版本存在代码问题漏洞,该漏洞源于在非私有频道中设置Discord远程控制,可能导致具有发送消息权限的用户访问其计算机并执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A