CVE-2020-15140

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15140

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15140.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15140

Aliases

Related

GHSA-55j9-849x-26h4

Published

2020-08-21T17:15:13.287Z

Modified

2026-04-10T04:23:29.377926Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.

References

Affected packages

Git / github.com/cog-creators/red-discordbot

Affected ranges

Type

GIT

Repo

https://github.com/cog-creators/red-discordbot

Events

Introduced

Fixed

d8d3e9fceb7935259c2efd15a03c2a687f942554

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.3.11"
        }
    ]
}

Affected versions

3.*

3.0.0b10

3.0.0b11

3.0.0b12

3.0.0b13

3.0.0b14

3.0.0b15

3.0.0b16

3.0.0b17

3.0.0b17.post1

3.0.0b18

3.0.0b19

3.0.0b20

3.0.0b21

3.0.0b8

3.0.0b8-1

3.0.0b9

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0

3.2.1

3.2.2

3.2.3

3.3.0

3.3.1

3.3.10

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15140.json"