Impact
This issue could be exploited to read internal files from the system and write files to the system, resulting in remote code execution.
Patches
This issue has been fixed in version 0.0.3 by adding a regex that validates whether the command contains any arguments and disallows execution if it does.
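A check of this kind, as an added example that is not discord-recon's own code: the two patterns, the function names and the `scanner` tool name are assumptions for illustration, and the sample inputs are constructed.

```python
from __future__ import annotations

import re

# Hypothetical pattern (not the project's regex): a token that starts with
# "-" at the beginning of the input or right after whitespace is an option.
OPTION_TOKEN = re.compile(r"(?:^|\s)-{1,2}\S")
# Conservative allow-list for a hostname, IPv4 address or URL-like target.
SAFE_TARGET = re.compile(r"[A-Za-z0-9][A-Za-z0-9._:/-]*")


def has_injected_argument(user_input: str) -> bool:
    """Return True if the input carries an option-like token."""
    return OPTION_TOKEN.search(user_input) is not None


def build_argv(tool: str, user_input: str) -> list[str]:
    """Build an argv list for subprocess.run(argv), refusing unsafe input."""
    target = user_input.strip()
    if has_injected_argument(target):
        raise ValueError("arguments are not allowed in the target")
    if not SAFE_TARGET.fullmatch(target):
        raise ValueError("target contains unexpected characters")
    # A list passed without shell=True keeps the target a single argv element,
    # so it cannot be split into further arguments by a shell.
    return [tool, target]


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("example.com", "my-host.example.com",
                   "example.com --output report.txt", "-v example.com"):
        try:
            print(sample, "->", build_argv("scanner", sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

A hyphen inside a hostname is accepted because the option pattern only fires at the start of the input or after whitespace.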
Workarounds
To fix this issue on your side, upgrade discord-recon. If you are unable to do that, copy the code from assets/CommandInjection.py and overwrite your code with the new one; that is the only code required.
Credits
All credit for finding these issues in discord-recon goes to Omar Badran.
For more information
If you have any questions or comments about this advisory: