PYSEC-2020-265

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/red-discordbot/PYSEC-2020-265.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2020-265

Aliases

Published

2020-08-21T17:15:00Z

Modified

2026-02-20T09:16:26.645115Z

Summary

[none]

Details

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.

References

Affected packages

PyPI / red-discordbot

Package

Name: red-discordbot; View open source insights on deps.dev
Purl: pkg:pypi/red-discordbot

Affected ranges

Type: GIT
Repo: https://github.com/Cog-Creators/Red-DiscordBot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9ab536235bafc2b42c3c17d7ce26f1cc64482a81

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.11

Affected versions

3.*

3.0.0b16

3.0.0b17

3.0.0b18

3.0.0b19

3.0.0b20

3.0.0b21

3.0.0rc1

3.0.0rc1.post1

3.0.0rc2

3.0.0rc3

3.0.0rc3.post1

3.0.0

3.0.1

3.0.2

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.1

3.2.2

3.2.3

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.3.10

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/red-discordbot/PYSEC-2020-265.yaml"