CVE-2024-21663

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:demon1a:discord-recon:*:*:*:*:*:discord:*:*
cpe:2.3:a:demon1a:discord-recon:0.0.8:beta:*:*:*:discord:*:*

History

21 Nov 2024, 08:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.9
References () https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a - Patch () https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a - Patch
References () https://github.com/DEMON1A/Discord-Recon/issues/23 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/DEMON1A/Discord-Recon/issues/23 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7 - Exploit, Patch, Vendor Advisory () https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7 - Exploit, Patch, Vendor Advisory

12 Jan 2024, 15:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:demon1a:discord-recon:*:*:*:*:*:discord:*:*
cpe:2.3:a:demon1a:discord-recon:0.0.8:beta:*:*:*:discord:*:*
CWE CWE-20 CWE-77
First Time Demon1a discord-recon
Demon1a
References () https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7 - () https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7 - Exploit, Patch, Vendor Advisory
References () https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a - () https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a - Patch
References () https://github.com/DEMON1A/Discord-Recon/issues/23 - () https://github.com/DEMON1A/Discord-Recon/issues/23 - Exploit, Issue Tracking, Third Party Advisory

09 Jan 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-09 00:15

Updated : 2024-11-21 08:54


NVD link : CVE-2024-21663

Mitre link : CVE-2024-21663

CVE.ORG link : CVE-2024-21663


JSON object : View

Products Affected

demon1a

  • discord-recon
CWE
CWE-20

Improper Input Validation

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')