Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
Description

### Impact
py-cord is an API wrapper for Discord written in Python. Bots using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected.

### Patches
This issue has been patched in version 2.0.1.

### Workarounds
There are currently no recommended workarounds – please upgrade to a patched version.
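
To find deployments that still need the upgrade, the following added example (not code from the advisory or the py-cord project) scans a pip requirements file for py-cord entries that still admit version 2.0.0. The function names and the sample file are constructed for illustration; only plain numeric specifiers are evaluated, and a bare unpinned entry is reported because it does not exclude 2.0.0.

```python
import re

AFFECTED = (2, 0, 0)  # vulnerable release named in the advisory
REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
CLAUSE = re.compile(r"(==|!=|>=|<=|~=|>|<)\s*([0-9]+(?:\.[0-9]+)*)\s*$")

def _ver(text):
    """Parse a plain numeric release such as '2.0.1', padded to three parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def _admits(op, spec):
    """True if the clause `op spec` is satisfied by the affected version."""
    v = _ver(spec)
    if op == "~=":  # compatible release: >= spec and same leading parts
        lead = v[:len(spec.split(".")) - 1]
        return AFFECTED >= v and AFFECTED[:len(lead)] == lead
    return {"==": AFFECTED == v, "!=": AFFECTED != v, ">=": AFFECTED >= v,
            "<=": AFFECTED <= v, ">": AFFECTED > v, "<": AFFECTED < v}[op]

def scan_requirements(text):
    """Return (line_number, line) for py-cord requirements admitting 2.0.0."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQ.match(line)
        # PEP 503 normalisation: py_cord, Py.Cord and py-cord are one project
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "py-cord":
            continue
        parsed = [CLAUSE.match(c.strip()) for c in m.group(2).split(",") if c.strip()]
        # Clauses this parser cannot read (wildcards, pre-releases) are reported
        if None in parsed or all(_admits(*p.groups()) for p in parsed):
            hits.append((n, line.strip()))
    return hits

# Constructed sample requirements file, not taken from any real project
SAMPLE = """\
discord.py==2.0.0
py-cord[voice]==2.0.0
Py_Cord >= 2.0.1  # patched floor
py-cord>=2.0.0,<3
"""

if __name__ == "__main__":
    for number, entry in scan_requirements(SAMPLE):
        print(f"line {number}: {entry} admits 2.0.0; require >=2.0.1")
```
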

### References
https://github.com/Pycord-Development/pycord/pull/1568

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [our GitHub](https://github.com/Pycord-Development/pycord)
* Email us at [[email protected]](mailto:[email protected])
