Vulnerability Details : CVE-2021-41250
Python Discord bot is the community bot for the Python Discord community. In affected versions, when a non-blacklisted URL and an otherwise triggering filter token are included in the same message, the token filter does not trigger. This means that, by including any non-blacklisted URL, moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0.
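An added illustration of the bug class described above (a constructed example, not the bot's actual filter code or the fix in the referenced commit): a filter pipeline in which the presence of any URL, blacklisted or not, ends processing before the token check runs, beside a version that runs every check independently. The domain and token lists and the `filter_buggy`/`filter_fixed` names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lists for this example (not the bot's real configuration).
URL_RE = re.compile(r"https?://[^\s/]+", re.IGNORECASE)
BLACKLISTED_DOMAINS = {"evil.example"}
FILTERED_TOKENS = {"badword"}


@dataclass
class FilterResult:
    triggered: bool
    reason: Optional[str] = None


def check_url(message: str) -> FilterResult:
    """Blacklisted-domain check: flags only URLs whose host is on the blacklist."""
    for match in URL_RE.finditer(message):
        domain = match.group(0).split("://", 1)[1].lower()
        if domain in BLACKLISTED_DOMAINS:
            return FilterResult(True, f"blacklisted URL {domain}")
    return FilterResult(False)


def check_tokens(message: str) -> FilterResult:
    """Token filter: flags messages containing any filtered token."""
    lowered = message.lower()
    for token in FILTERED_TOKENS:
        if token in lowered:
            return FilterResult(True, f"filtered token {token!r}")
    return FilterResult(False)


def filter_buggy(message: str) -> FilterResult:
    """Hypothetical buggy pipeline: once a URL is seen, the URL check's verdict is
    final, so a benign (non-blacklisted) URL means the token filter never runs."""
    if URL_RE.search(message):
        return check_url(message)  # returns not-triggered for a benign URL
    return check_tokens(message)


def filter_fixed(message: str) -> FilterResult:
    """Corrected pipeline: every check runs independently and the first hit wins,
    so a benign URL cannot short-circuit the token filter."""
    for check in (check_url, check_tokens):
        result = check(message)
        if result.triggered:
            return result
    return FilterResult(False)
```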
Vulnerability category: Input validation
Products affected by CVE-2021-41250
- cpe:2.3:a:pythondiscord:bot:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41250
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~17%
Percentile: the proportion of vulnerabilities that are scored at or below this EPSS score
CVSS scores for CVE-2021-41250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | 
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | 
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | GitHub, Inc. | 
CWE ids for CVE-2021-41250
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: security-advisories@github.com (Secondary)
References for CVE-2021-41250
- https://github.com/python-discord/bot/commit/67390298852513d13e0213870e50fb3cff1424e0 (Merge pull request from GHSA-j8c3-8x46-8pp6 · python-discord/bot@6739029 · GitHub) Patch; Third Party Advisory
- https://github.com/python-discord/bot/security/advisories/GHSA-j8c3-8x46-8pp6 (Presence of non-blacklisted URL bypasses all other filters · Advisory · python-discord/bot · GitHub) Patch; Third Party Advisory