red_discordbot is vulnerable to remote code execution (RCE). The vulnerability exists as through the variables member
and **m_data
made in an unnecessary format
in trivia.py
.
CPE | Name | Operator | Version |
---|---|---|---|
red-discordbot | le | 3.3.10 | |
red-discordbot | le | 3.3.10 |
github.com/Cog-Creators/Red-DiscordBot/commit/9ab536235bafc2b42c3c17d7ce26f1cc64482a81
github.com/Cog-Creators/Red-DiscordBot/pull/4175
github.com/Cog-Creators/Red-DiscordBot/pull/4175/commits/9ab536235bafc2b42c3c17d7ce26f1cc64482a81
github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-55j9-849x-26h4