MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
References
Link | Resource |
---|---|
https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6 | Patch |
https://github.com/NicPWNs/MEGABOT/issues/137 | Issue Tracking |
https://github.com/NicPWNs/MEGABOT/pull/138 | Issue Tracking Patch |
https://github.com/NicPWNs/MEGABOT/releases/tag/v1.5.0 | Release Notes |
https://github.com/NicPWNs/MEGABOT/security/advisories/GHSA-vhxp-4hwq-w3p2 | Patch Vendor Advisory |
Configurations
History
26 Aug 2024, 18:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6 - Patch | |
References | () https://github.com/NicPWNs/MEGABOT/issues/137 - Issue Tracking | |
References | () https://github.com/NicPWNs/MEGABOT/pull/138 - Issue Tracking, Patch | |
References | () https://github.com/NicPWNs/MEGABOT/releases/tag/v1.5.0 - Release Notes | |
References | () https://github.com/NicPWNs/MEGABOT/security/advisories/GHSA-vhxp-4hwq-w3p2 - Patch, Vendor Advisory | |
CWE | CWE-94 | |
First Time |
Megacord
Megacord megabot |
|
CPE | cpe:2.3:a:megacord:megabot:*:*:*:*:*:*:*:* |
20 Aug 2024, 15:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-20 15:15
Updated : 2024-08-26 18:29
NVD link : CVE-2024-43404
Mitre link : CVE-2024-43404
CVE.ORG link : CVE-2024-43404
JSON object : View
Products Affected
megacord
- megabot