Bot token exposed in main.py

Critical
Happy-Ferret published GHSA-cxgr-xpmj-9qjm Jan 11, 2022

Package

main.py (@PuddingBot codebase)

Affected versions

≤ 0.0.6-b933652

Patched versions

≥ 0.0.6-a5b15fb

Description

Impact

The bot token is publicly exposed in main.py, making it accessible to malicious actors.

Patches

The bot token has been revoked and a new version is already running on the server.
The code will be updated at a later date to reflect this.

Update (1/21/2022)
The patch is part of 0.0.6-a5b15fb.
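
A check that catches this class of mistake before a commit, given here as an added example and not PuddingBot's own code: it parses a Python file and flags string literals bound to token-like names or passed as token-like keyword arguments. The name pattern, the `Bot` constructor, the `BOT_TOKEN` variable and both sample sources are assumptions constructed for illustration.

```python
import ast
import re

# Assumption: names that usually hold credentials; adjust per codebase.
SECRET_NAME = re.compile(r"(token|secret|api_?key|passw(or)?d)", re.IGNORECASE)

def _is_literal(node):
    """True for a non-empty string constant."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and bool(node.value.strip())

def _target_names(target):
    """Yield the name bound by an assignment target: x or obj.x."""
    if isinstance(target, ast.Name):
        yield target.id
    elif isinstance(target, ast.Attribute):
        yield target.attr

def find_hardcoded_secrets(source, filename="<source>"):
    """Return sorted (line, name) pairs where a secret-like name gets a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Assign) and _is_literal(node.value):
            names = [n for t in node.targets for n in _target_names(t)]
        elif isinstance(node, ast.AnnAssign) and node.value is not None and _is_literal(node.value):
            names = list(_target_names(node.target))
        elif isinstance(node, ast.Call):
            # Keyword arguments such as Bot(token="...")
            names = [kw.arg for kw in node.keywords if kw.arg and _is_literal(kw.value)]
        else:
            continue
        findings += [(node.lineno, n) for n in names if SECRET_NAME.search(n)]
    return sorted(findings)

# Constructed samples; the token value is a placeholder, not a real credential.
BEFORE = '''\
import os
TOKEN = "PLACEHOLDER-NOT-A-REAL-TOKEN"
bot = Bot(prefix="!", token="PLACEHOLDER-NOT-A-REAL-TOKEN")
'''
AFTER = '''\
import os
TOKEN = os.environ["BOT_TOKEN"]  # hypothetical variable, injected at deploy time
bot = Bot(prefix="!", token=TOKEN)
'''

if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER)):
        print(label, find_hardcoded_secrets(src, "main.py"))
```

A clean result on the current file says nothing about earlier commits: a token that was ever pushed stays readable in the repository history, so revocation comes first, as it did here.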

Workarounds

None

References

GitHub Issue
Fix

For more information

If you have any questions or comments about this advisory:

Severity

Critical

CVE ID

CVE-2022-21669
