PT-2019-15752 · Supybot+1 · Supybot+1
B1Tninja · Published 2019-11-16 · Updated 2020-08-24 · CVE-2019-19010
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Limnoria versions prior to 2019.11.09
Supybot versions through 2018-05-09
Description
The calc and icalc IRC commands in the Math plugin allow remote unprivileged attackers to disclose information or possibly have unspecified other impact.
Recommendations
For Limnoria versions prior to 2019.11.09, update to version 2019.11.09 or later.
For Supybot versions through 2018-05-09, consider disabling the Math plugin until a patch is available. As a temporary workaround, restrict access to the calc and icalc IRC commands to minimize the risk of exploitation.
Fix
Code Injection
Affected Products
Limnoria
Supybot