Vulnerability Description
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fluffycogs Project | Fluffycogs | < 2.0.38 |
Related Weaknesses (CWE)
References
- https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53PatchThird Party Advisory
- https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2pPatchThird Party Advisory
- https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53PatchThird Party Advisory
- https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2pPatchThird Party Advisory
FAQ
What is CVE-2020-15172?
CVE-2020-15172 is a vulnerability with a CVSS score of 8.7 (HIGH). The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and...
How severe is CVE-2020-15172?
CVE-2020-15172 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15172?
Check the references section above for vendor advisories and patch information. Affected products include: Fluffycogs Project Fluffycogs.