CVE-2020-15147: Code Injection
Red Discord Bot has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted “going live” messages to inject code into the Streams module’s going live message. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible.