Headline
CVE-2021-29493: Remote Code Execution in Tickets Module
Kennnyshiwa-cogs contains cogs for Red-DiscordBot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows Discord users to craft a message that can reveal sensitive and harmful information. Users can update to commit 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive the patch or, as a workaround, unload tickets to render the exploit unusable.
Impact
What kind of vulnerability is it? Who is impacted?
An RCE exploit has been found in the Tickets module. This exploit allows Discord users to craft a message that can reveal sensitive and harmful information.
Patches
Has the problem been patched? What versions should users upgrade to?
Exploit patched with https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Unload tickets to render the exploit unusable.
References
Are there any links users can visit to find out more?
Commit https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/kennnyshiwa/kennnyshiwa-cogs
- Post your question in https://discordapp.com/channels/240154543684321280/240212783503900673 in the [Cog Support Server](https://discord.gg/GET4DVk)