CVE-2021-29501— Remote code execution in ticketer

Remote code execution in ticketer

Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disable the exploitable code.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

输出中的特殊元素转义处理不恰当(注入)

Red Discord Bot 命令注入漏洞

Red Discord Bot是个人开发者的一个 Python 编写的模块化机器人。该机器人软件可根据不同的模块配置完成不同的功能。 Red discord bot 存在命令注入漏洞。该漏洞源于程序中的Ticketer插件允许用户公开敏感信息。

N/A

N/A