CVE-2024-43404
CRITICALDescription
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
Is your site exposed to CVE-2024-43404?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| megacord | megabot |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-43404? +
How severe is CVE-2024-43404? +
What products are affected by CVE-2024-43404? +
How do I check if I'm vulnerable to CVE-2024-43404? +
Related Vulnerabilities
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an …
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in …
In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to …
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of …
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint …
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is …