Vulnerability Details CVE-2024-43404
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6
- https://github.com/NicPWNs/MEGABOT/issues/137
- https://github.com/NicPWNs/MEGABOT/pull/138
- https://github.com/NicPWNs/MEGABOT/releases/tag/v1.5.0
- https://github.com/NicPWNs/MEGABOT/security/advisories/GHSA-vhxp-4hwq-w3p2
Products affected by CVE-2024-43404
-
cpe:2.3:a:megacord:megabot:-
-
cpe:2.3:a:megacord:megabot:1.0.0
-
cpe:2.3:a:megacord:megabot:1.0.1
-
cpe:2.3:a:megacord:megabot:1.0.2
-
cpe:2.3:a:megacord:megabot:1.0.3
-
cpe:2.3:a:megacord:megabot:1.0.4
-
cpe:2.3:a:megacord:megabot:1.1.0
-
cpe:2.3:a:megacord:megabot:1.2.0
-
cpe:2.3:a:megacord:megabot:1.2.1
-
cpe:2.3:a:megacord:megabot:1.2.2
-
cpe:2.3:a:megacord:megabot:1.2.3
-
cpe:2.3:a:megacord:megabot:1.3.0
-
cpe:2.3:a:megacord:megabot:1.3.1
-
cpe:2.3:a:megacord:megabot:1.3.2
-
cpe:2.3:a:megacord:megabot:1.3.3
-
cpe:2.3:a:megacord:megabot:1.3.4
-
cpe:2.3:a:megacord:megabot:1.3.5
-
cpe:2.3:a:megacord:megabot:1.3.6
-
cpe:2.3:a:megacord:megabot:1.3.7
-
cpe:2.3:a:megacord:megabot:1.3.8
-
cpe:2.3:a:megacord:megabot:1.3.9
-
cpe:2.3:a:megacord:megabot:1.4.0
-
cpe:2.3:a:megacord:megabot:1.4.1
-
cpe:2.3:a:megacord:megabot:1.4.10
-
cpe:2.3:a:megacord:megabot:1.4.2
-
cpe:2.3:a:megacord:megabot:1.4.3
-
cpe:2.3:a:megacord:megabot:1.4.4
-
cpe:2.3:a:megacord:megabot:1.4.5
-
cpe:2.3:a:megacord:megabot:1.4.6
-
cpe:2.3:a:megacord:megabot:1.4.7
-
cpe:2.3:a:megacord:megabot:1.4.8
-
cpe:2.3:a:megacord:megabot:1.4.9