CVE-2024-21663

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a Discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.
Configurations

Configuration 1

OR cpe:2.3:a:demon1a:discord-recon:*:*:*:*:*:discord:*:*
cpe:2.3:a:demon1a:discord-recon:0.0.8:beta:*:*:*:discord:*:*

History

12 Jan 2024, 15:22

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 8.8
CPE | | cpe:2.3:a:demon1a:discord-recon:*:*:*:*:*:discord:*:*; cpe:2.3:a:demon1a:discord-recon:0.0.8:beta:*:*:*:discord:*:*
References | https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7 | https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7 - Exploit, Patch, Vendor Advisory
References | https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a | https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a - Patch
References | https://github.com/DEMON1A/Discord-Recon/issues/23 | https://github.com/DEMON1A/Discord-Recon/issues/23 - Exploit, Issue Tracking, Third Party Advisory
First Time | | Demon1a discord-recon; Demon1a
CWE | | CWE-20; CWE-77

09 Jan 2024, 00:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-01-09 00:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-21663

Mitre link : CVE-2024-21663

CVE.ORG link : CVE-2024-21663



Products Affected

demon1a

  • discord-recon
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-20

Improper Input Validation