CVEs-PoC/2021/CVE-2021-29502.md

### [CVE-2021-29502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29502)
![](https://img.shields.io/static/v1?label=Product&message=Laggrons-Dumb-Cogs&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%201.3.18%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=%7B%22CWE-74%22%3A%22Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')%22%7D&color=brightgreen)

### Description

WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally.

### POC

#### Reference
- https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8

#### Github
No PoCs found on GitHub currently.