PT-2019-15752 · Supybot+1 · Supybot+1

B1Tninja

·

Publicado

2019-11-16

·

Atualizado

2020-08-24

·

CVE-2019-19010

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Limnoria versions prior to 2019.11.09 Supybot versions through 2018-05-09
Description The issue allows remote unprivileged attackers to disclose information or possibly have unspecified other impact. This is achieved via the calc and icalc IRC commands in the Math plugin.
Recommendations For Limnoria versions prior to 2019.11.09, update to version 2019.11.09 or later. For Supybot versions through 2018-05-09, consider disabling the Math plugin until a patch is available. As a temporary workaround, restrict access to the calc and icalc IRC commands to minimize the risk of exploitation.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2019-19010
GHSA-6G88-VR3V-76MF
PYSEC-2019-102

Produtos afetados

Limnoria
Supybot