Описание
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_11:*:*:*:*:*:*
cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_7:*:*:*:*:*:*
cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_8:*:*:*:*:*:*
cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_9:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
7.2 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
CWE-78
EPSS
Процентиль: 54%
0.00316
Низкий
7.2 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
CWE-78