search

dekrypted / discord-image-logger

IP Logger that uses discord's "Open Original" feature to steal IP's.
The Unlicense
2.15k stars 603 forks source link

libwebp vulnerability #92

Closed scarlettekk closed 1 year ago

scarlettekk commented 1 year ago

Since the description mentions image RCEs already and says there are none, it may be appropriate to mention the current libwebp CVE, which could affect old discord desktop versions and mobile versions, and is an image RCE

dekrypted commented 1 year ago

yeah fair point but you fail to understand that i wrote that when this exploit didnt exist 💀 and it will likely be patched soon nevermind the fact that it's already very situational and probably not practical

scarlettekk commented 1 year ago

when did i say it existed when you wrote that? the whole point of issues is to propose changes, lol. your decision, obviously, but this is a big vulnerability and PoCs already exist so it's definitely practical/feasible, so I was just suggesting that it might be mentioned

On Thu, Sep 28, 2023 at 3:58 PM DeKrypt @.***> wrote:

yeah fair point but you fail to understand that i wrote that when this exploit didnt exist 💀 and it will likely be patched soon nevermind the fact that it's already very situational and probably not practical

— Reply to this email directly, view it on GitHub https://github.com/dekrypted/discord-image-logger/issues/92#issuecomment-1739927732, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKEN7JE6M7YG4GU76OQV27DX4XJGVANCNFSM6AAAAAA5LNB3BE . You are receiving this because you authored the thread.Message ID: @.***>

dekrypted commented 1 year ago

i dont think its practical to repeatedly be on the lookout for niche exploits and update all my things when they come out just to remove it once it's patched