Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-tyaj-tzft-2ba8

Summary Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.

Aliases

alias	CVE-2020-15147

alias	GHSA-7257-96vg-qf6x

alias	PYSEC-2020-266

Fixed_packages

url pkg:pypi/red-discordbot@3.3.12

purl pkg:pypi/red-discordbot@3.3.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.12

Affected_packages

url pkg:pypi/red-discordbot@3.0.0b16

purl pkg:pypi/red-discordbot@3.0.0b16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b16

url pkg:pypi/red-discordbot@3.0.0b17

purl pkg:pypi/red-discordbot@3.0.0b17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b17

url pkg:pypi/red-discordbot@3.0.0b18

purl pkg:pypi/red-discordbot@3.0.0b18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b18

url pkg:pypi/red-discordbot@3.0.0b19

purl pkg:pypi/red-discordbot@3.0.0b19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b19

url pkg:pypi/red-discordbot@3.0.0b20

purl pkg:pypi/red-discordbot@3.0.0b20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b20

url pkg:pypi/red-discordbot@3.0.0b21

purl pkg:pypi/red-discordbot@3.0.0b21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b21

url pkg:pypi/red-discordbot@3.0.0rc1

purl pkg:pypi/red-discordbot@3.0.0rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc1

url pkg:pypi/red-discordbot@3.0.0rc1.post1

purl pkg:pypi/red-discordbot@3.0.0rc1.post1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc1.post1

url pkg:pypi/red-discordbot@3.0.0rc2

purl pkg:pypi/red-discordbot@3.0.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc2

url pkg:pypi/red-discordbot@3.0.0rc3

purl pkg:pypi/red-discordbot@3.0.0rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc3

url pkg:pypi/red-discordbot@3.0.0rc3.post1

purl pkg:pypi/red-discordbot@3.0.0rc3.post1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc3.post1

url pkg:pypi/red-discordbot@3.0.0

purl pkg:pypi/red-discordbot@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0

url pkg:pypi/red-discordbot@3.0.1

purl pkg:pypi/red-discordbot@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.1

url pkg:pypi/red-discordbot@3.0.2

purl pkg:pypi/red-discordbot@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.2

url pkg:pypi/red-discordbot@3.1.0

purl pkg:pypi/red-discordbot@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.0

url pkg:pypi/red-discordbot@3.1.1

purl pkg:pypi/red-discordbot@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.1

url pkg:pypi/red-discordbot@3.1.2

purl pkg:pypi/red-discordbot@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.2

url pkg:pypi/red-discordbot@3.1.3

purl pkg:pypi/red-discordbot@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.3

url pkg:pypi/red-discordbot@3.1.4

purl pkg:pypi/red-discordbot@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.4

url pkg:pypi/red-discordbot@3.1.5

purl pkg:pypi/red-discordbot@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.5

url pkg:pypi/red-discordbot@3.1.6

purl pkg:pypi/red-discordbot@3.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.6

url pkg:pypi/red-discordbot@3.1.7

purl pkg:pypi/red-discordbot@3.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.7

url pkg:pypi/red-discordbot@3.1.8

purl pkg:pypi/red-discordbot@3.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.8

url pkg:pypi/red-discordbot@3.1.9

purl pkg:pypi/red-discordbot@3.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.9

url pkg:pypi/red-discordbot@3.2.0

purl pkg:pypi/red-discordbot@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.0

url pkg:pypi/red-discordbot@3.2.1

purl pkg:pypi/red-discordbot@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.1

url pkg:pypi/red-discordbot@3.2.2

purl pkg:pypi/red-discordbot@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.2

url pkg:pypi/red-discordbot@3.2.3

purl pkg:pypi/red-discordbot@3.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.3

url pkg:pypi/red-discordbot@3.3.0

purl pkg:pypi/red-discordbot@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.0

url pkg:pypi/red-discordbot@3.3.1

purl pkg:pypi/red-discordbot@3.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.1

url pkg:pypi/red-discordbot@3.3.2

purl pkg:pypi/red-discordbot@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.2

url pkg:pypi/red-discordbot@3.3.3

purl pkg:pypi/red-discordbot@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.3

url pkg:pypi/red-discordbot@3.3.4

purl pkg:pypi/red-discordbot@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.4

url pkg:pypi/red-discordbot@3.3.5

purl pkg:pypi/red-discordbot@3.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.5

url pkg:pypi/red-discordbot@3.3.6

purl pkg:pypi/red-discordbot@3.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.6

url pkg:pypi/red-discordbot@3.3.7

purl pkg:pypi/red-discordbot@3.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.7

url pkg:pypi/red-discordbot@3.3.8

purl pkg:pypi/red-discordbot@3.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.8

url pkg:pypi/red-discordbot@3.3.9

purl pkg:pypi/red-discordbot@3.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.9

url pkg:pypi/red-discordbot@3.3.10

purl pkg:pypi/red-discordbot@3.3.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

vulnerability	VCID-wy1w-6hzy-9bbf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.10

url pkg:pypi/red-discordbot@3.3.11

purl pkg:pypi/red-discordbot@3.3.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bd1p-1gv9-q3dg

vulnerability	VCID-tyaj-tzft-2ba8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.11

References

reference_url	https://github.com/Cog-Creators/Red-DiscordBot/pull/4183
reference_id
reference_type
scores
url	https://github.com/Cog-Creators/Red-DiscordBot/pull/4183

reference_url	https://github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc88417163c18431b1df38a9be92bfc
reference_id
reference_type
scores
url	https://github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc88417163c18431b1df38a9be92bfc

reference_url	https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vg-qf6x
reference_id
reference_type
scores
url	https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vg-qf6x

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyaj-tzft-2ba8

Vulnerability Instance