Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
arbitrary shell execution in Nick Chan Bot
Vulnerability Description
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Nick Chan Bot 操作系统命令注入漏洞
Vulnerability Description
Nick Chan Bot是一款使用discord.js库编写的私有Discord机器人。 Nick Chan Bot 1.0.0-beta之前版本中的‘npm’命令存在操作系统命令注入漏洞。远程攻击者可借助特制请求利用该漏洞在系统上执行任意shell命令。
CVSS Information
N/A
Vulnerability Type
N/A