{"id":"CVE-2020-15140","details":"In Red Discord Bot before version 3.3.11, a remote code execution (RCE) vulnerability has been discovered in the Trivia module: it allows Discord users with specially crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this vulnerability, it's possible to perform destructive actions and/or access sensitive information. This critical vulnerability has been fixed in version 3.3.11.","aliases":["GHSA-55j9-849x-26h4","PYSEC-2020-265"],"modified":"2026-04-10T04:23:29.377926Z","published":"2020-08-21T17:15:13.287Z","related":["GHSA-55j9-849x-26h4"],"references":[{"type":"ADVISORY","url":"https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-55j9-849x-26h4"},{"type":"FIX","url":"https://github.com/Cog-Creators/Red-DiscordBot/pull/4175/commits/9ab536235bafc2b42c3c17d7ce26f1cc64482a81"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cog-creators/red-discordbot","events":[{"introduced":"0"},{"fixed":"d8d3e9fceb7935259c2efd15a03c2a687f942554"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.3.11"}]}}],"versions":["3.0.0b10","3.0.0b11","3.0.0b12","3.0.0b13","3.0.0b14","3.0.0b15","3.0.0b16","3.0.0b17","3.0.0b17.post1","3.0.0b18","3.0.0b19","3.0.0b20","3.0.0b21","3.0.0b8","3.0.0b8-1","3.0.0b9","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.2.0","3.2.1","3.2.2","3.2.3","3.3.0","3.3.1","3.3.10","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.3.7","3.3.8","3.3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15140.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"}]}