Lucene search
Veracode Vulnerability DatabaseVERACODE:28530HistoryDec 10, 2020 - 6:37 a.m.
Remote Code Execution (RCE)
2020-12-1006:37:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
remote code execution
vulnerable
discord
webserver
EPSS
0.001
Percentile
40.4%
red-dashboard is vulnerable to remote code execution (RCE). A discord user with malicious Server names and Usernames/Nicknames is able to inject code into the webserver front-end code.
References
github.com/advisories/GHSA-hm45-mgqm-gjm4
github.com/Cog-Creators/Red-Dashboard/commit/99d88b840674674166ce005b784ae8e31e955ab1
github.com/Cog-Creators/Red-Dashboard/commit/a6b9785338003ec87fb75305e7d1cc2d40c7ab91
github.com/Cog-Creators/Red-Dashboard/security/advisories/GHSA-hm45-mgqm-gjm4
pypi.org/project/Red-Dashboard
Related
osv
osv
PYSEC-2020-98
2020-12-09 00:15:00
CVE-2020-26249
2020-12-09 00:15:13
prion
prion
Design/Logic Flaw
2020-12-09 00:15:00
cvelist
cvelist
nvd
nvd
CVE-2020-26249
2020-12-09 00:15:13
cve
cve
CVE-2020-26249
2020-12-09 00:15:13
github
github