CVE-2021-29465 HIGH

CVE-2021-29465: Remote file overwrite on discord-recon can result in DoS and Remote Code Execution

Vendor Demon1A
Product Discord-Recon
Weakness CWE-94 · Code injection
Published April 22, 2021
Last update August 3, 2024

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01 Description

Discord-Recon is a bot for the Discord chat service. Discord-Recon versions 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when a user overwrites important files on the system. As a workaround, bot maintainers can edit their `setting.py` file and add `<` and `>` to the `RCE` variable inside it, which fixes the issue without an update. The vulnerability is patched in version 0.0.4.

Key dates

02 Disclosure timeline

April 22, 2021 CVE published
August 3, 2024 Record updated