{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35605?format=json","vulnerability_id":"VCID-wy1w-6hzy-9bbf","summary":"In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.","aliases":[{"alias":"CVE-2020-15140"},{"alias":"GHSA-55j9-849x-26h4"},{"alias":"PYSEC-2020-265"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18076?format=json","purl":"pkg:pypi/red-discordbot@3.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.11"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18037?format=json","purl":"pkg:pypi/red-discordbot@3.0.0b16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b16"},{"url":"http://public2.vulnerablecode.io/api/packages/18038?format=json","purl":"pkg:pypi/red-discordbot@3.0.0b17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b17"},{"url":"http://public2.vulnerablecode.io/api/packages/18039?format=json","purl":"pkg:pypi/red-discordbot@3.0.0b18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b18"},{"url":"http://public2.vulnerablecode.io/api/packages/18040?format=json","purl":"pkg:pypi/red-discordbot@3.0.0b19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b19"},{"url":"http://public2.vulnerablecode.io/api/packages/18041?format=json","purl":"pkg:pypi/red-discordbot@3.0.0b20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b20"},{"url":"http://public2.vulnerablecode.io/api/packages/18042?format=json","purl":"pkg:pypi/red-discordbot@3.0.0b21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0b21"},{"url":"http://public2.vulnerablecode.io/api/packages/18043?format=json","purl":"pkg:pypi/red-discordbot@3.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18044?format=json","purl":"pkg:pypi/red-discordbot@3.0.0rc1.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc1.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/18045?format=json","purl":"pkg:pypi/red-discordbot@3.0.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/18046?format=json","purl":"pkg:pypi/red-discordbot@3.0.0rc3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc3"},{"url":"http://public2.vulnerablecode.io/api/packages/18047?format=json","purl":"pkg:pypi/red-discordbot@3.0.0rc3.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0rc3.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/18048?format=json","purl":"pkg:pypi/red-discordbot@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/18049?format=json","purl":"pkg:pypi/red-discordbot@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18050?format=json","purl":"pkg:pypi/red-discordbot@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/18051?format=json","purl":"pkg:pypi/red-discordbot@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/18052?format=json","purl":"pkg:pypi/red-discordbot@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18053?format=json","purl":"pkg:pypi/red-discordbot@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/18054?format=json","purl":"pkg:pypi/red-discordbot@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/18055?format=json","purl":"pkg:pypi/red-discordbot@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/18056?format=json","purl":"pkg:pypi/red-discordbot@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/18057?format=json","purl":"pkg:pypi/red-discordbot@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/18058?format=json","purl":"pkg:pypi/red-discordbot@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/18059?format=json","purl":"pkg:pypi/red-discordbot@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/18060?format=json","purl":"pkg:pypi/red-discordbot@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/18061?format=json","purl":"pkg:pypi/red-discordbot@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/18062?format=json","purl":"pkg:pypi/red-discordbot@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18063?format=json","purl":"pkg:pypi/red-discordbot@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/18064?format=json","purl":"pkg:pypi/red-discordbot@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/18065?format=json","purl":"pkg:pypi/red-discordbot@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:pypi/red-discordbot@3.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18067?format=json","purl":"pkg:pypi/red-discordbot@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/18068?format=json","purl":"pkg:pypi/red-discordbot@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/18069?format=json","purl":"pkg:pypi/red-discordbot@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/18070?format=json","purl":"pkg:pypi/red-discordbot@3.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/18071?format=json","purl":"pkg:pypi/red-discordbot@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/18072?format=json","purl":"pkg:pypi/red-discordbot@3.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/18073?format=json","purl":"pkg:pypi/red-discordbot@3.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/18074?format=json","purl":"pkg:pypi/red-discordbot@3.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/18075?format=json","purl":"pkg:pypi/red-discordbot@3.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bd1p-1gv9-q3dg"},{"vulnerability":"VCID-tyaj-tzft-2ba8"},{"vulnerability":"VCID-wy1w-6hzy-9bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/red-discordbot@3.3.10"}],"references":[{"reference_url":"https://github.com/Cog-Creators/Red-DiscordBot/pull/4175/commits/9ab536235bafc2b42c3c17d7ce26f1cc64482a81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cog-Creators/Red-DiscordBot/pull/4175/commits/9ab536235bafc2b42c3c17d7ce26f1cc64482a81"},{"reference_url":"https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-55j9-849x-26h4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-55j9-849x-26h4"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wy1w-6hzy-9bbf"}