CVE-2024-21663

CRITICAL

demon1a discord-recon < 0.0.8 - Unauthenticated Remote Code Execution

Description

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a Discord server. Discord-Recon is vulnerable to remote code execution: an attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.

Scores

CVSS v3 9.9
EPSS 0.0154
EPSS Percentile 71.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-20 CWE-77
Status published
Products (2)
demon1a/discord-recon 0.0.8 beta
demon1a/discord-recon < 0.0.8
Published Jan 09, 2024
Tracked Since Feb 18, 2026