Discord Recon
CVE-2021-29465
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their setting.py file then add < and > into the RCE variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4.
AnalysisAI
Discord-Recon is a bot for the Discord chat service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their setting.py file then add < and > into the RCE variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4. Affected products include: Discord Discord-Recon. Version information: version 0.0.4..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Discord Recon
View allDiscord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Rated high severity (
Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. Rated high severity
Discord-Recon is a bot for the Discord chat service. Rated high severity (CVSS 7.5), this vulnerability is remotely expl
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a dis
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today