Vulnerability Details CVE-2020-15172
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.3%
CVSS Severity
CVSS v3 Score 8.7
CVSS v2 Score 6.5
References
- https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347
- https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p
- https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347
- https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p
Products affected by CVE-2020-15172
-
cpe:2.3:a:fluffycogs_project:fluffycogs:-