Description
MEGABOT is a fully customized Discord bot for learning and fun. The /math command and functionality of MEGABOT versions < 1.5.0 contain a remote code execution vulnerability due to a Python eval(). The vulnerability allows an attacker to inject Python code into the expression parameter when using /math in any Discord channel. This vulnerability impacts any Discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
References
- Patch
- Issue Tracking
- Issue Tracking, Patch
- Release Notes
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.5.0 (exclusive)
cpe:2.3:a:megacord:megabot:*:*:*:*:*:*:*:*
EPSS
Percentile: 89%
0.04336
Low
9.8 Critical
CVSS3
Weaknesses
CWE-95
CWE-94