Presence of non-blacklisted URL bypasses all other filters
CVE-2021-41250

4.3MEDIUM

Key Information:

Vendor: Python-discord
Status: Bot
Vendor: CVE Published:; 5 November 2021

🔔 Create Python-discord Vulnerability Alert

What is CVE-2021-41250?

Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0

Affected Version(s)

bot < 67390298852513d13e0213870e50fb3cff1424e0

References

https://github.com/python-discord/bot/security/advisories...

x_refsource_CONFIRM

https://github.com/python-discord/bot/commit/673902988525...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2021
Vulnerability Reserved
Sep 15, 2021

CVE-2021-41250 Data

JSON