Thomas Mercurio

CVE-2021-37696 WRITEUP HIGH WRITEUP

tmerc-cogs < 3.0 - Unauthenticated Sensitive Information Exposure via MassDM Message

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update to the current commit. As a workaround users may unload the MassDM cog or globally disable the `[p]massdm` command.

CVSS 7.1

View Code

CVE-2021-37697 WRITEUP HIGH WRITEUP

tmerc-cogs < 3.0 - Unauthenticated Sensitive Information Exposure via Membership Event Message

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround users may unload the Welcome cog.

CVSS 7.1

View Code