CVE-2020-15147

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15147
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15147.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15147
Aliases
Related
Published
2020-08-21T18:15:11Z
Modified
2024-11-21T05:04:56Z
Severity
  • 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with unload streams can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.

References

Affected packages

Git / github.com/cog-creators/red-discordbot

Affected ranges

Type
GIT
Repo
https://github.com/cog-creators/red-discordbot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d8d3e9fceb7935259c2efd15a03c2a687f942554