Remote code execution on discord-recon .dirsearch and .arjun commands due to improper input validation

Critical
DEMON1A published GHSA-65fm-5x64-gv9x Apr 9, 2021

Package

Discord-Recon (Other)

Affected versions

0.0.1

Patched versions

0.0.2

Description

Impact

  • Remote code execution allows remote users to execute commands on the server, resulting in serious issues.

Patches

  • The fix adds the same validation rules as the other command at the start of the Discord command.
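
The kind of check the patch describes, as an added example (not Discord-Recon's own code): the command argument is validated before anything else happens, and the tool is then started from an argument list with no shell. The allow-list, the function names and the assumption that the bot passes the argument to each tool's `-u` option are illustrative.

```python
import re
import subprocess
from urllib.parse import urlsplit

# Assumed allow-list: characters of a plain http(s) URL. Whitespace, quotes
# and shell metacharacters such as ; | & $ ` ( ) < > are not in it.
_ALLOWED = re.compile(r"[A-Za-z0-9._~:/?=%-]+")

# Assumed invocation: each tool receives the target through its -u option.
TOOLS = {"dirsearch": ["dirsearch", "-u"], "arjun": ["arjun", "-u"]}


def validate_target(raw):
    """Return raw unchanged if it is an acceptable target, else raise ValueError."""
    if not raw or len(raw) > 2048:
        raise ValueError("empty or oversized argument")
    if not _ALLOWED.fullmatch(raw):
        raise ValueError("disallowed character in argument")
    parts = urlsplit(raw)
    # Requiring a scheme also rejects values that start with '-', which the
    # tool would otherwise read as one of its own options.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected an http(s) URL with a host")
    return raw


def build_argv(tool, raw):
    """Validate first, then build an argv list (never a shell string)."""
    if tool not in TOOLS:
        raise ValueError("unknown tool")
    return TOOLS[tool] + [validate_target(raw)]


def run_tool(tool, raw, timeout=300):
    """Run the tool without a shell, so the argument stays a single argv entry."""
    argv = build_argv(tool, raw)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=timeout)


def is_rejected(tool, raw):
    """True when the input would be refused before any process is started."""
    try:
        build_argv(tool, raw)
        return False
    except ValueError:
        return True
```

Validation and the shell-free call are independent layers: if the allow-list is ever loosened, the argument list still keeps the value from being interpreted as shell syntax.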

References:

Credits:

  • All credit goes to @0xWise64 for his work finding the RCE issue.

For more information

If you have any questions or comments about this advisory:

Severity

Critical

CVE ID

CVE-2021-21433
