← back
CVE-2020-5282

arbitrary shell execution in Nick Chan Bot

CVSS 7.2 HIGHEPSS 1.1%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Mar 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Affected products
Nick Chan · nickchanbot