CVE-2021-32632

LOW

pajbot < 1.52 - Cross-Site Request Forgery

Description

Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency.

References (3)

Core References
https://github.com/pajbot/pajbot/security/advisories/GHSA-wmfr-qrg4-qc3h (Patch, Third Party Advisory; x_refsource_confirm)
https://gist.github.com/Melonify/d8e5d70cdc1bebb871f72dc79d69ac60 (Exploit, Third Party Advisory; x_refsource_misc)
https://github.com/pajbot/pajbot/releases/tag/v1.52 (Third Party Advisory; x_refsource_misc)

Scores

CVSS v3: 2.4
EPSS: 0.0059
EPSS Percentile: 43.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE: CWE-352
Status: published
Products (1): pajbot/pajbot < 1.52
Published: May 20, 2021
Tracked Since: Feb 18, 2026