CVE-2020-26249

Name of the Vulnerable Software and Affected Versions Red Discord Bot versions prior to 0.1.7a

Description A remote code execution (RCE) exploit has been discovered in the Red Discord Bot Dashboard, allowing Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. This exploit can be used to perform destructive actions and/or access sensitive information.

Recommendations For versions prior to 0.1.7a, upgrade the relevant packages (Dashboard module and Dashboard webserver) to version 0.1.7a to patch this issue. There are no workarounds, and bot owners must upgrade to resolve the issue.