Lucene search
Veracode Vulnerability DatabaseVERACODE:26478HistoryAug 24, 2020 - 2:11 a.m.
Remote Code Execution (RCE)
2020-08-2402:11:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.011 Low
EPSS
Percentile
84.7%
red_discordbot is vulnerable to remote code execution (RCE). The vulnerability exists through the value of mention_str being formatted in the “going live” alert_msg message found in the Streams module, allowing an attacker to inject and execute arbitrary code via the affected parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| red-discordbot | le | 3.3.10 | |
| red-discordbot | le | 3.3.10 |
References
github.com/Cog-Creators/Red-DiscordBot/commit/e269ea0d3bc88417163c18431b1df38a9be92bfc
github.com/Cog-Creators/Red-DiscordBot/pull/4183
github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc88417163c18431b1df38a9be92bfc
github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vg-qf6x
Related
prion
prion
Remote code execution
2020-08-21 18:15:00
osv
osv
CVE-2020-15147
2020-08-21 18:15:00
Remote Code Execution in Red Discord Bot
2020-08-21 17:03:24
nvd
nvd
CVE-2020-15147
2020-08-21 18:15:11
github
github
Remote Code Execution in Red Discord Bot
2020-08-21 17:03:24
cve
cve
CVE-2020-15147
2020-08-21 18:15:11
cvelist
cvelist
CVE-2020-15147 Remote Code Execution in Red Discord Bot
2020-08-21 17:15:16