Home > Vulnerability Database > CVE-2022-36024

Mend.io Vulnerability Database

CVE-2022-36024

Good to know:

Date: August 18, 2022

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the "application.commands" scope without the "bot" scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Language: Python

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-36024

Url: https://github.com/Pycord-Development/pycord/pull/1568

Url: https://github.com/pypa/advisory-database/tree/main/vulns/py-cord/PYSEC-2022-43146.yaml

Url: https://github.com/Pycord-Development/pycord

Url: https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr

Url: https://www.mend.io/vulnerability-database/CVE-2022-36024

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version py-cord - 2.0.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-36024

Good to know:

Date: August 18, 2022

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?