Sensitive information leak in Welcome

High

tmercswims published GHSA-77xv-8c2x-j96j

Aug 11, 2021

Package

Welcome (Red-DiscordBot)

Affected versions

c478eb0ee3c26b91683f2f3897ba4c076cacdcfb

Patched versions

d63c49b4cfc30c795336e4fff08cba3795e0fcc0

Description

Impact

A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message.

Patches

Issue is patched in commit d63c49b.

Workarounds

Unload the Welcome cog.

For more information

If you have any questions or comments about this advisory:

Start a new discussion in the tmerc-cogs repository.
Join my channel in the cog support Discord server and ask there.