Medium severity6.5OSV Advisory· Published May 14, 2024· Updated Apr 15, 2026
CVE-2024-34712
CVE-2024-34712
Description
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/{id} being normalized into the url /api/v10/channels/{id}, and deleting a channel rather than removing a ban. Version 1.10.4 fixes this issue. Some workarounds are available. One may sanitize user input, ensuring strings are valid for the purpose they are being used for. One may also encode input with encodeURIComponent before providing it to the library.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
oceanic.jsnpm | < 1.10.4 | 1.10.4 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.