3 matches found
CVE-2020-5282
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta...
CVE-2020-5282
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta...
CVE-2020-5282
CVE-2020-5282 affects Nick Chan Bot prior to version 1.0.0-beta, where the npm command within the bot can lead to arbitrary shell execution. The root cause is unfiltered input to OS command construction, enabling code execution and potential compromise of the bot. References in multiple sources c...