Published: 18/08/2022 Updated: 09/12/2022

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pycord development pycord 2.0.0

CVE-2022-36024 The following project aims to monitor one of the major vulnerabilities of Discord API wrapper, py-cord Note, not to accidentally open your bot with the specific version of this py-cord, as doing so would potentially put the bot in danger of allowing excessive control to other users v200 thus, is highly vulnerable to remote shutdown if they are added to the s

CWE-284 CWE-862 https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr https://github.com/Pycord-Development/pycord/pull/1568 https://nvd.nist.gov https://github.com/LDH0094/security-vulnerability-py-cord

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-36024

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect