How severe is CVE-2020-15147?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.5 out of 10.

What type of vulnerability is CVE-2020-15147?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2020-15147 - HIGH Severity | CVSS 8.5

Vulnerability Description

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.

Related Vulnerabilities

CVE-2021-39144

HIGH

CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only b...

CWE-942021

CVE-2023-22513

HIGH

CVSS:8.5(High)

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8...

CWE-942023

CVE-2024-21513

HIGH

CVSS:8.5(High)

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' o...

CWE-942024

CVE-2024-27191

HIGH

CVSS:8.5(High)

Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2.

CWE-942024

CVE-2024-34761

HIGH

CVSS:8.5(High)

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection...

CWE-942024

CVE-2024-38651

HIGH

CVSS:8.5(High)

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

CWE-942024