ADVISORIES

• CVE-2023-28102 (NVD)
• GHSA-8832-4mm5-x2r6

GEM

discordrb

SEVERITY

CVSS v3.x: 9.6 (Critical)

PATCHED VERSIONS

• >= 3.4.3

DESCRIPTION

The encode_file method may lead to remote code execution (RCE) if invoked with untrusted user-controlled data.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2023-28102
• https://securitylab.github.com/advisories/GHSL-2022-094_discordrb
• https://github.com/shardlab/discordrb/commit/91e13043ffa89227c3fcdc3408f06da237d28c95
• https://rubygems.org/gems/discordrb
• https://github.com/advisories/GHSA-8832-4mm5-x2r6