Remote Code Execution (RCE)

2020-08-2401:56:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

27.1%

JSON

red_discordbot is vulnerable to remote code execution (RCE). The vulnerability exists as through the variables member and **m_data made in an unnecessary format in trivia.py.

CPENameOperatorVersion
red-discordbotle3.3.10
red-discordbotle3.3.10

CPE	Name	Operator	Version
	red-discordbot	le	3.3.10
	red-discordbot	le	3.3.10

References

github.com/Cog-Creators/Red-DiscordBot/commit/9ab536235bafc2b42c3c17d7ce26f1cc64482a81

github.com/Cog-Creators/Red-DiscordBot/pull/4175

github.com/Cog-Creators/Red-DiscordBot/pull/4175/commits/9ab536235bafc2b42c3c17d7ce26f1cc64482a81

github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-55j9-849x-26h4

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for VERACODE:26477