Impact
A missing permissions check allows any user to run u!reload_services without privileges. This is an owner-only command which reloads all Unifier plugin scripts with either content_protection or content_processing services declared in their plugin metadata file (plugin.json). Although access to the bot as the owner or the host server is required to load a modified version of the scripts into the bot, continued reloads may lead to memory leaks (the magnitude depends on the memory Plugins use), which may cause the bot to shut down unintentionally due to excessive memory usage.
Patches
Patched in v1.2.5-patch2 and v2.0.2.
Workarounds
The effects of the exploit can be prevented by uninstalling all plugins that declare either service. This will not prevent users from running the command; however, no scripts will be reloaded, which prevents the memory leaks. Note that Plugins without any services declared are never reloaded by this command.
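An added illustration (not Unifier's code and not taken from the patch) of the missing check and of why the workaround leaves nothing to reload. It models the command without the Discord library; OWNER_ID, the Plugin class, the function names and the sample plugin metadata are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Service names as given in the advisory.
RELOADABLE_SERVICES = {"content_protection", "content_processing"}
OWNER_ID = 1000  # constructed sample owner ID (assumption)


class NotOwner(PermissionError):
    """Raised when a non-owner invokes an owner-only command."""


@dataclass
class Plugin:
    name: str
    services: list          # services declared in plugin.json (field name assumed)
    reload_count: int = 0

    def reload(self):
        # Stand-in for re-importing the plugin script.
        self.reload_count += 1


def select_reloadable(plugins):
    """Only plugins declaring one of the two services are ever reloaded."""
    return [p for p in plugins if RELOADABLE_SERVICES & set(p.services)]


def reload_services_unchecked(author_id, plugins):
    """Behaviour described under Impact: the caller is never checked."""
    targets = select_reloadable(plugins)
    for plugin in targets:
        plugin.reload()
    return [p.name for p in targets]


def reload_services_checked(author_id, plugins, owner_id=OWNER_ID):
    """Hardened form: reject non-owners before any reload work happens."""
    if author_id != owner_id:
        raise NotOwner(f"user {author_id} may not run reload_services")
    return reload_services_unchecked(author_id, plugins)


def sample_plugins():
    # Constructed sample metadata, not real plugins.
    return [
        Plugin("filter-a", ["content_protection"]),
        Plugin("bridge-b", ["content_processing", "other"]),
        Plugin("misc-c", []),
    ]
```

With only plugins like misc-c installed, the unchecked command still runs but selects nothing, which is the situation the workaround creates.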
References
7c0d7e7