CVE-2020-15172
Severity: HIGH
fluffycogs < 2.0.38 - Remote Code Execution via Untrusted Data Deserialization
Title source: llm
Description
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible.
References (2)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p
Patch, Third Party Advisory x_refsource_misc
https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347
Scores
CVSS v3: 8.7
EPSS: 0.0182
EPSS Percentile: 76.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Details
CWE: CWE-502
Status: published
Products (1): fluffycogs_project/fluffycogs < 2.0.38
Published: Sep 15, 2020
Tracked Since: Feb 18, 2026