CVE-2021-32632

low-risk
Published 2021-05-20

Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.4/10 Low
NETWORK / LOW complexity

Affected Products (1)

Pajbot

Affected Vendors

Pajbot

References (6)

Exploit https://gist.github.com/Melonify/d8e5d70cdc1bebb871f72dc79d69ac60
Third Party Advisory https://github.com/pajbot/pajbot/releases/tag/v1.52
Patch https://github.com/pajbot/pajbot/security/advisories/GHSA-wmfr-qrg4-qc3h
Exploit https://gist.github.com/Melonify/d8e5d70cdc1bebb871f72dc79d69ac60
Third Party Advisory https://github.com/pajbot/pajbot/releases/tag/v1.52
Patch https://github.com/pajbot/pajbot/security/advisories/GHSA-wmfr-qrg4-qc3h
19
/ 100
low-risk
Severity 13/34 · Low
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal