CVE-2020-15147: Remote Code Execution in Red Discord Bot
(updated )
A RCE exploit has been discovered in the Streams module: this exploit allows Discord users with specifically crafted “going live” messages to inject code into the Streams module’s going live message. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information.
References
- github.com/Cog-Creators/Red-DiscordBot
- github.com/Cog-Creators/Red-DiscordBot/pull/4183
- github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc88417163c18431b1df38a9be92bfc
- github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vg-qf6x
- github.com/advisories/GHSA-7257-96vg-qf6x
- github.com/pypa/advisory-database/tree/main/vulns/red-discordbot/PYSEC-2020-266.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-15147
Code Behaviors & Features
Detect and mitigate CVE-2020-15147 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →