In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Red-DiscordBot(PyPI) | 0 | 3.3.11 | N/A |
CVSS Metrics
