Home > Vulnerability Database > CVE-2021-29502

Mend.io Vulnerability Database

CVE-2021-29502

Date: May 10, 2021

WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type "!warnsysteminfo" to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the "!warnset description" command globally.

Language: Python

Severity Score

7.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29502

Url: https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m9wq

Url: https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8

Url: https://www.mend.io/vulnerability-database/CVE-2021-29502

Severity Score

7.3

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29502

Date: May 10, 2021

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?