GithubHelp home page GithubHelp logo

waitwhatacto / aot Goto Github PK

View Code? Open in Web Editor NEW
2.0 1.0 1.0 42.2 MB

License: GNU Affero General Public License v3.0

JavaScript 100.00%
discord discord-js discordbot discordfun discordjs discordjs-bot discordmod discordmoderationbot javascript bot

aot's Introduction

Acto Utils (Formerly Aot)

wakatime

About

Acto Utils (we'll use Aot here for more clarity) is an all-in-one bot, mostly focused on moderation. Aot is coded in JavaScript using Discord.js. This bot is mainly designed for one specific server instead of being available for every server.

License

This open-source project is licensed under the GNU Affero General Public License v3.0. Read the full license here.

Self-Host

If you want to use the bot, you must modify it and self-host.

I do not recommend self-hosting the bot or modifying it for another server as it will be very difficult (stuff is hardcoded for one particular server). But if you want to, download the code and create a config.json file.

{
    "token": "BOT_TOKEN",
    "clientId": "BOT_ID",
    "guildId": "SERVER_ID",
    "Database": "MONGODB_LINK",
    "backupbot": 0,
    "update": 0
}

Credits

A huge thank you to everyone that made this project possible

  • @Delilah for contributing and helping out from time to time
  • @Anon Zhe Yinglet for code feedback, improvements suggestion
  • @Jaska for idea inspirations, code reference
  • @Erisa for ideas, code & list reference
  • Discord.JS main dependency of the project
  • Dependabot keeping dependencies updated, and giving security advisories
  • You (yes, you, the person reading this)

aot's People

Contributors

deepsource-autofix[bot] avatar deepsourcebot avatar dependabot[bot] avatar mend-bolt-for-github[bot] avatar ridgewayplus avatar someoneintheworldddddddd avatar waitwhatacto avatar

Stargazers

avatar

Watchers

avatar

Forkers

ridgewayplus

aot's Issues

curl-0.1.4.tgz: 1 vulnerabilities (highest severity is: 5.5)

Vulnerable Library - curl-0.1.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (curl version) Remediation Available
CVE-2023-28155 Medium 5.5 request-2.88.2.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2023-28155

Vulnerable Library - request-2.88.2.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.88.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Dependency Hierarchy:

  • curl-0.1.4.tgz (Root Library)
    • request-2.88.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2023-03-16

URL: CVE-2023-28155

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

random-puppy-1.1.0.tgz: 1 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - random-puppy-1.1.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/random-puppy/node_modules/got/package.json

Found in HEAD commit: 150360622b7e7847c2e3698b5086e89df3a03df6

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (random-puppy version) Remediation Available
CVE-2022-33987 Medium 5.3 got-6.7.1.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-33987

Vulnerable Library - got-6.7.1.tgz

Simplified HTTP requests

Library home page: https://registry.npmjs.org/got/-/got-6.7.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/random-puppy/node_modules/got/package.json

Dependency Hierarchy:

  • random-puppy-1.1.0.tgz (Root Library)
    • got-6.7.1.tgz (Vulnerable Library)

Found in HEAD commit: 150360622b7e7847c2e3698b5086e89df3a03df6

Found in base branch: master

Vulnerability Details

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

Publish Date: 2022-06-18

URL: CVE-2022-33987

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987

Release Date: 2022-06-18

Fix Resolution: got - 11.8.5,12.1.0

Step up your Open Source Security Game with Mend here

got-12.5.3.tgz: 1 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - got-12.5.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/http-cache-semantics/package.json

Found in HEAD commit: 150360622b7e7847c2e3698b5086e89df3a03df6

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (got version) Remediation Available
CVE-2022-25881 High 7.5 http-cache-semantics-4.1.0.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-25881

Vulnerable Library - http-cache-semantics-4.1.0.tgz

Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies

Library home page: https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/http-cache-semantics/package.json

Dependency Hierarchy:

  • got-12.5.3.tgz (Root Library)
    • cacheable-request-10.2.1.tgz
      • http-cache-semantics-4.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 150360622b7e7847c2e3698b5086e89df3a03df6

Found in base branch: master

Vulnerability Details

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Publish Date: 2023-01-31

URL: CVE-2022-25881

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-25881

Release Date: 2023-01-31

Fix Resolution: http-cache-semantics - 4.1.1

Step up your Open Source Security Game with Mend here

file-system-2.2.2.tgz: 1 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - file-system-2.2.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/utils-extend/package.json

Found in HEAD commit: 150360622b7e7847c2e3698b5086e89df3a03df6

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (file-system version) Remediation Available
CVE-2020-8147 High 9.8 utils-extend-1.0.8.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2020-8147

Vulnerable Library - utils-extend-1.0.8.tgz

Extend nodejs util api, and it is light weight and simple

Library home page: https://registry.npmjs.org/utils-extend/-/utils-extend-1.0.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/utils-extend/package.json

Dependency Hierarchy:

  • file-system-2.2.2.tgz (Root Library)
    • utils-extend-1.0.8.tgz (Vulnerable Library)

Found in HEAD commit: 150360622b7e7847c2e3698b5086e89df3a03df6

Found in base branch: master

Vulnerability Details

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.

Publish Date: 2020-04-03

URL: CVE-2020-8147

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.