PT-2020-14226 · Discord · Red Discord Bot

Jackenmen +1 · Published 2020-08-21 · Updated 2021-11-18 · CVE-2020-15147

CVSS v3.1: 8.5 High

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Red Discord Bot versions prior to 3.3.12 and 3.4

Description

The issue allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message, potentially leading to destructive actions and/or access to sensitive information.

Recommendations

For versions prior to 3.3.12 and 3.4, update to version 3.3.12 or 3.4 to completely patch the issue. As a temporary workaround, consider unloading the Streams module with the command "unload streams" so that the exploit is not accessible.

Fix

Code Injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2020-15147
GHSA-7257-96VG-QF6X
PYSEC-2020-266

Affected Products

Red Discord Bot