Description
Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency.
References (3)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/pajbot/pajbot/security/advisories/GHSA-wmfr-qrg4-qc3h
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/Melonify/d8e5d70cdc1bebb871f72dc79d69ac60
Third Party Advisory x_refsource_misc
https://github.com/pajbot/pajbot/releases/tag/v1.52
Scores
CVSS v3: 2.4
EPSS: 0.0059
EPSS Percentile: 43.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Details
CWE: CWE-352
Status: published
Products (1)
pajbot/pajbot < 1.52
Published: May 20, 2021
Tracked Since: Feb 18, 2026