Arbitrary Shell Execution Vulnerability in Nick Chan Bot (<= 1.0.0-beta)

Arbitrary Shell Execution Vulnerability in Nick Chan Bot (<= 1.0.0-beta)

CVE-2020-5282 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta

Learn more about our Web Application Penetration Testing UK.