SCA: security update for DisCatSharp (GHSA-frxg-hf44-q765)

medium Tenable Self-Hosted Container Security Plugin ID 414689

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously
published prereleases of 10.0.0 who have used either one of the two
`RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially
had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by
DisCatSharp's development team. The tokens were not logged, yet it is still advisable to reset the tokens
of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release
and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all
uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to
`BaseDiscordClient.LibraryDeveloperTeam`. (CVE-2022-24849)

See Also

https://github.com/advisories/GHSA-frxg-hf44-q765

Plugin Details

Severity: Medium

ID: 414689

Version: Revision 1.6

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2022-24849

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 4/22/2022

Vulnerability Publication Date: 4/14/2022

Reference Information

CVE: CVE-2022-24849

cwe: CWE-200