Description
py-cord is an API wrapper for Discord written in Python. Bots created using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
Patch, Third Party Advisory x_refsource_misc
https://github.com/Pycord-Development/pycord/pull/1568
Scores
CVSS v3: 7.5
EPSS: 0.0066
EPSS Percentile: 47.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-284, CWE-862
Status: published
Products (2)
pycord_development/pycord: 2.0.0
pypi/py-cord: 2.0.0 - 2.0.1 (PyPI)
Published: Aug 18, 2022
Tracked Since: Feb 18, 2026