9.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-28102

GHSA ID

GHSA-8832-4mm5-x2r6

EPSS Score

0.73369%

CWE

CWE-78

Published

3/14/2024

Updated

3/14/2024

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-28102

CVE-2023-28102: discordrb OS Command Injection vulnerability

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly exploitable: the exploit requires that some client of the library calls the vulnerable method with user input. However, if unsafe input reaches the library method, then an attacker can execute arbitrary shell commands on the host machine. Full impact will depend on the permissions of the process running the discordrb library and will likely not be total system access. This issue has been addressed in code, but a new release of the discordrb gem has not been uploaded to rubygems. This issue is also tracked as GHSL-2022-094.

(GitHub Advisory)

9.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-28102

GHSA ID

GHSA-8832-4mm5-x2r6

EPSS Score

0.73369%

CWE

CWE-78

Published

3/14/2024

Updated

3/14/2024

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
discordrb	rubygems	< 3.4.3	3.4.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from constructing shell commands via unsafe string interpolation in encode_file and encode_io methods. The commit diff shows both methods were modified to use an array-based invocation (safe) instead of string interpolation (unsafe). The original implementation in encoder.rb line 80/90 directly interpolated user-controlled parameters into command strings passed to IO.popen, making them vulnerable to command injection. The CVE description and patch commit confirm these were the vulnerable entry points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*is*or*r* is *n impl*m*nt*tion o* t** *is*or* *PI usin* Ru*y. In *is*or*r* ***or* *ommit `***********` t** `*n*o**r.r*` *il* uns***ly *onstru*ts * s**ll strin* usin* t** *il* p*r*m*t*r, w*i** **n pot*nti*lly l**v* *li*nts o* *is*or*r* vuln*r**l* to *

Reasoning

T** vuln*r**ility st*ms *rom *onstru*tin* s**ll *omm*n*s vi* uns*** strin* int*rpol*tion in *n*o**_*il* *n* *n*o**_io m*t*o*s. T** *ommit *i** s*ows *ot* m*t*o*s w*r* mo*i*i** to us* *n *rr*y-**s** invo**tion (s***) inst*** o* strin* int*rpol*tion (u

9.7

Basic Information

Concerned about an active attack path?

CVE-2023-28102: discordrb OS Command Injection vulnerability

9.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI