You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
kennnyshiwa
published
GHSA-f4j2-2cwr-h473May 6, 2021
Package
Tickets
(Red Discord Bot)
Affected versions
< 5a84d60018468e5c0346f7ee74b2b4650a6dade7
Patched versions
5a84d60018468e5c0346f7ee74b2b4650a6dade7
Description
Impact
What kind of vulnerability is it? Who is impacted?
An RCE exploit has been found in the Tickets module. This exploit allows discord users to craft a message that can reveal sensitive and harmful information
Patches
Has the problem been patched? What versions should users upgrade to?
Impact
What kind of vulnerability is it? Who is impacted?
An RCE exploit has been found in the Tickets module. This exploit allows discord users to craft a message that can reveal sensitive and harmful information
Patches
Has the problem been patched? What versions should users upgrade to?
Exploit patched with https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Unload tickets to render the exploit unusable
References
Are there any links users can visit to find out more?
Commit https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7
For more information
If you have any questions or comments about this advisory: