red_discordbot is vulnerable to remote code execution (RCE). The vulnerability exists because the value of mention_str is formatted in the “going live” alert_msg message in the Streams module, allowing an attacker to inject and execute arbitrary code via the affected parameter.
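
The bug class described above, as an added illustration that is not Red-DiscordBot's code: it assumes the alert is built by inserting the mention text into a template that is then passed through Python's `str.format`, so replacement fields inside the mention text are evaluated. `Stream`, `api_token`, the template and all three functions are hypothetical names with constructed values.

```python
import re
from string import Formatter

class Stream:  # hypothetical stand-in, not the bot's class
    def __init__(self, name, api_token):
        self.name = name
        self.api_token = api_token  # internal state an alert must never expose

    def __str__(self):
        return self.name

ALERT_TEMPLATE = "{mention}, {stream} is live!"  # constructed template
_PLACEHOLDER = re.compile(r"\{(mention|stream)\}")

def render_unsafe(mention_str, stream):
    """Weak form: mention text is spliced in, then the result is formatted."""
    spliced = ALERT_TEMPLATE.replace("{mention}", mention_str)
    # Replacement fields inside mention_str are now evaluated by str.format.
    return spliced.format(stream=stream)

def render_safe(mention_str, stream):
    """Hardened form: one literal pass; inserted values are never rescanned."""
    values = {"mention": mention_str, "stream": str(stream)}
    return _PLACEHOLDER.sub(lambda m: values[m.group(1)], ALERT_TEMPLATE)

def contains_replacement_field(text):
    """Validation or logging check: does the text carry format fields?"""
    try:
        return any(field is not None for _, field, _, _ in Formatter().parse(text))
    except ValueError:
        return True  # unbalanced braces would also break str.format

if __name__ == "__main__":
    stream = Stream("ExampleChannel", "constructed-token-123")
    mention = "@Streamers {stream.api_token}"  # constructed role-like text
    print(render_unsafe(mention, stream))
    print(render_safe(mention, stream))
    print(contains_replacement_field(mention))
```

The hardened renderer treats braces in the mention text as plain characters, and the field check can be applied wherever externally influenced names enter a message template.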
| CPE | Name | Operator | Version |
|---|---|---|---|
| | red-discordbot | le | 3.3.10 |
github.com/Cog-Creators/Red-DiscordBot/commit/e269ea0d3bc88417163c18431b1df38a9be92bfc
github.com/Cog-Creators/Red-DiscordBot/pull/4183
github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc88417163c18431b1df38a9be92bfc
github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vg-qf6x