CVE-2021-21433

Public Exploit

Remote code execution on discord-recon .dirsearch and .arjun commands due to improper input validation

Description

Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2.

References

Link	Tags
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-65fm-5x64-gv9x	third party advisory
https://github.com/DEMON1A/Discord-Recon/issues/6	issue tracking patch exploit third party advisory
https://github.com/DEMON1A/Discord-Recon/commit/26e2a084679679cccdeeabbb6889ce120eff7e50	third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2021-21433?: CVE-2021-21433 has been scored as a critical severity vulnerability.
How to fix CVE-2021-21433?: To fix CVE-2021-21433, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-21433 being actively exploited in the wild?: It is possible that CVE-2021-21433 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~5% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-21433?: CVE-2021-21433 affects DEMON1A Discord-Recon.

Description

Categories

CWE-94 – Improper Control of Generation of Code ('Code Injection')

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions