CVE-2020-15172

Опубликовано: 15 сент. 2020

Источник: nvd

CVSS3: 8.7

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with unload act can render this exploit inaccessible.

Ссылки

https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347
Patch
Third Party Advisory
https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p
Patch
Third Party Advisory
https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347
Patch
Third Party Advisory
https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fluffycogs_project:fluffycogs:*:*:*:*:*:*:*:*

Версия до 2.0.38 (исключая)

EPSS

Процентиль: 60%

0.00396

Низкий

8.7 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

EPSS

Процентиль: 60%

0.00396

Низкий

8.7 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502