{"containers": {"cna": {"affected": [{"product": "nickchanbot", "vendor": "Nick Chan", "versions": [{"status": "affected", "version": "< 1.0.0-beta"}]}], "descriptions": [{"lang": "en", "value": "In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-25T18:15:14.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Assfugil/nickchanbot/security/advisories/GHSA-8xwp-r7pj-cgw3"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Assfugil/nickchanbot/commit/d7dc87523fc8bb6babbf8d636c339193b236a3ba"}], "source": {"advisory": "GHSA-8xwp-r7pj-cgw3", "discovery": "UNKNOWN"}, "title": "arbitrary shell execution in Nick Chan Bot", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5282", "STATE": "PUBLIC", "TITLE": "arbitrary shell execution in Nick Chan Bot"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "nickchanbot", "version": {"version_data": [{"version_value": "< 1.0.0-beta"}]}}]}, "vendor_name": "Nick Chan"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta"}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Assfugil/nickchanbot/security/advisories/GHSA-8xwp-r7pj-cgw3", "refsource": "CONFIRM", "url": "https://github.com/Assfugil/nickchanbot/security/advisories/GHSA-8xwp-r7pj-cgw3"}, {"name": "https://github.com/Assfugil/nickchanbot/commit/d7dc87523fc8bb6babbf8d636c339193b236a3ba", "refsource": "MISC", "url": "https://github.com/Assfugil/nickchanbot/commit/d7dc87523fc8bb6babbf8d636c339193b236a3ba"}]}, "source": {"advisory": "GHSA-8xwp-r7pj-cgw3", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:22:09.078Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Assfugil/nickchanbot/security/advisories/GHSA-8xwp-r7pj-cgw3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Assfugil/nickchanbot/commit/d7dc87523fc8bb6babbf8d636c339193b236a3ba"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5282", "datePublished": "2020-03-25T18:15:14.000Z", "dateReserved": "2020-01-02T00:00:00.000Z", "dateUpdated": "2024-08-04T08:22:09.078Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_11:*:*:*:*:*:*", "matchCriteriaId": "11AC2378-8131-44F0-8347-5BEBEABC4A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_7:*:*:*:*:*:*", "matchCriteriaId": "91A429D2-B851-4611-866D-CD39841C4119", "vulnerable": true}, {"criteria": "cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_8:*:*:*:*:*:*", "matchCriteriaId": "5EC0F894-0755-49AD-ADB5-B410838E0E22", "vulnerable": true}, {"criteria": "cpe:2.3:a:nick_chan_bot_project:nick_chan_bot:1.0.0:beta_pre_9:*:*:*:*:*:*", "matchCriteriaId": "1BB1D112-3880-410B-8E30-D66F9956FC13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta"}, {"lang": "es", "value": "En Nick Chan Bot versiones anteriores a 1.0.0-beta, se presenta una vulnerabilidad en el comando \"npm\" el cual es parte de este paquete de software. Esto permite una ejecuci\u00f3n de shell arbitraria, lo que puede comprometer al bot. Esto se parche\u00f3 en la versi\u00f3n 1.0.0-beta."}], "id": "CVE-2020-5282", "lastModified": "2024-11-21T05:33:49.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-25T19:15:15.980", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Assfugil/nickchanbot/commit/d7dc87523fc8bb6babbf8d636c339193b236a3ba"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Assfugil/nickchanbot/security/advisories/GHSA-8xwp-r7pj-cgw3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Assfugil/nickchanbot/commit/d7dc87523fc8bb6babbf8d636c339193b236a3ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/Assfugil/nickchanbot/security/advisories/GHSA-8xwp-r7pj-cgw3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}