
Remote Code Execution in Tickets Module

Critical
kennnyshiwa published GHSA-f4j2-2cwr-h473 May 6, 2021

Package

Tickets (Red Discord Bot)

Affected versions

< 5a84d60018468e5c0346f7ee74b2b4650a6dade7

Patched versions

5a84d60018468e5c0346f7ee74b2b4650a6dade7

Description

Impact

What kind of vulnerability is it? Who is impacted?

A remote code execution (RCE) exploit has been found in the Tickets module. It allows Discord users to craft a message that can reveal sensitive and harmful information.

Patches

Has the problem been patched? What versions should users upgrade to?

The exploit is patched in commit https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7
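Because the affected and patched versions are given as a commit hash rather than a release number, "earlier than" means the checked-out HEAD does not have that commit as an ancestor. The shell function below is an added example, not part of the advisory or the project's code, that performs this check on a local clone; the function name `tickets_patch_status` and the repository path argument are assumptions.

```shell
#!/bin/sh
# Added example: report whether a local clone of the cogs repository
# already contains the fix commit named in this advisory.
PATCH_COMMIT=5a84d60018468e5c0346f7ee74b2b4650a6dade7

# tickets_patch_status <repo_dir> [commit]   (hypothetical helper name)
# Prints one word and returns a matching status:
#   patched    (0) the fix commit is HEAD or an ancestor of HEAD
#   vulnerable (1) the fix commit exists locally but HEAD predates it
#   unknown    (2) not a git repository, or the commit object is absent
#                  (stale or shallow clone); fetch and check again
tickets_patch_status() {
    repo=$1
    commit=${2:-$PATCH_COMMIT}

    # The directory must be inside a git repository.
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 ||
        { echo unknown; return 2; }

    # Ancestry can only be tested if the commit object is present locally.
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null ||
        { echo unknown; return 2; }

    # merge-base --is-ancestor exits 0 (ancestor), 1 (not an ancestor),
    # or another value on error. Capture it without tripping `set -e`.
    rc=0
    git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null || rc=$?
    case $rc in
        0) echo patched;    return 0 ;;
        1) echo vulnerable; return 1 ;;
        *) echo unknown;    return 2 ;;
    esac
}
```

Call it with the directory where your copy of kennnyshiwa-cogs is checked out; treat `unknown` as not yet verified rather than as safe.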

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Unload tickets to render the exploit unusable.

References

Are there any links users can visit to find out more?

Commit https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7

For more information

If you have any questions or comments about this advisory:

Severity

Critical

CVE ID

CVE-2021-29493

Weaknesses

No CWEs

Credits