PyPI package
red-discordbot
pkg:pypi/red-discordbot
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39905 | Med | 5.3 | >= 3.5.0, < 3.5.10 | 3.5.10 | Jul 11, 2024 | Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to mana | |
| CVE-2020-15278 | — | < 3.4.1 | 3.4.1 | Oct 28, 2020 | Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that u | ||
| CVE-2020-15147 | — | < 3.3.12 | 3.3.12 | Aug 21, 2020 | Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, | ||
| CVE-2020-15140 | — | < 3.3.11 | 3.3.11 | Aug 21, 2020 | In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform d |
- affected >= 3.5.0, < 3.5.10fixed 3.5.10
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to mana
- CVE-2020-15278Oct 28, 2020affected < 3.4.1fixed 3.4.1
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that u
- CVE-2020-15147Aug 21, 2020affected < 3.3.12fixed 3.3.12
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit,
- CVE-2020-15140Aug 21, 2020affected < 3.3.11fixed 3.3.11
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform d