CVE-2021-29461

### Impact – This issue could be exploited to read internal files from the system and write files into the system resulting in remote code execution ### Patches – This issue has been fixed on 0.0.3 version by adding a regex that validate if there’s any arguments on the command. then disallow execution if there’s an argument ### Workarounds – To fix this issue from your side, just upgrade discord-recon, if you’re unable to do that. then just copy the code from `assets/CommandInjection.py` and overwrite your code with the new one. that’s the only code required. ### Credits – All of the credits for finding these issues on discord-recon goes to Omar Badran. ### For more information If you have any questions or comments about this advisory: * Email us at [[email protected]](mailto:[email protected])

Source: CVE-2021-29461