Search
Find a vulnerability
Search criteria
10 vulnerabilities found for stoatchat by stoatchat
CVE-2026-63088 (GCVE-0-2026-63088)
Vulnerability from nvd – Published: 2026-07-16 16:40 – Updated: 2026-07-16 18:00 X_Open Source
VLAI
EPSS
VEX
Title
stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass
Summary
stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/releases/t… | release-notespatch |
| https://github.com/stoatchat/stoatchat/security/a… | |
| https://www.vulncheck.com/advisories/stoatchat-ss… | third-party-advisory |
Impacted products
Date Public
2026-07-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-63088",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T18:00:05.693791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T18:00:29.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "stoatchat",
"repo": "https://github.com/stoatchat/stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "0.14.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T16:40:56.120Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-4mcc-p83c-r77q)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
},
{
"name": "Release Notes",
"tags": [
"release-notes",
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/releases/tag/v0.14.0"
},
{
"name": "Incomplete Fix - GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-ssrf-via-dns-based-ip-blocklist-bypass"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "stoatchat \u003c 0.14.0 SSRF via DNS-based IP Blocklist Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-63088",
"datePublished": "2026-07-16T16:40:56.120Z",
"dateReserved": "2026-07-15T15:45:44.600Z",
"dateUpdated": "2026-07-16T18:00:29.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-63306 (GCVE-0-2026-63306)
Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 13:17
VLAI
EPSS
VEX
Title
stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
Summary
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://www.vulncheck.com/advisories/stoatchat-be… | third-party-advisory |
Impacted products
Date Public
2026-05-17 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-63306",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T13:17:07.146090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T13:17:25.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:cargo/revolt-january",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "0.13.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.13.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AzureADTrent"
}
],
"datePublic": "2026-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:19:17.351Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
},
{
"name": "VulnCheck Advisory: stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-before-unauthenticated-ssrf-via-proxy-and-embed-endpoints"
}
],
"title": "stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-63306",
"datePublished": "2026-07-16T12:19:17.351Z",
"dateReserved": "2026-07-16T12:13:18.732Z",
"dateUpdated": "2026-07-16T13:17:25.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71388 (GCVE-0-2025-71388)
Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 15:10
VLAI
EPSS
VEX
Title
stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions
Summary
stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/commit/e37… | patch |
| https://www.vulncheck.com/advisories/stoatchat-20… | third-party-advisory |
Impacted products
Date Public
2025-02-10 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T14:12:48.229605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T15:10:58.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "20250210-1",
"status": "affected",
"version": "20241213-1",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "20250210-1",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel\u0027s webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2)."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:19:15.310Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-8684-rvfj-v3jq)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-8684-rvfj-v3jq"
},
{
"name": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829",
"tags": [
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829"
},
{
"name": "VulnCheck Advisory: stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-20241213-1-webhook-token-disclosure-via-read-permissions"
}
],
"title": "stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71388",
"datePublished": "2026-07-16T12:19:15.310Z",
"dateReserved": "2026-07-16T12:14:41.769Z",
"dateUpdated": "2026-07-16T15:10:58.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71377 (GCVE-0-2025-71377)
Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 12:59
VLAI
EPSS
VEX
Title
stoatchat before 20250210-1 Unrestricted Message History Fetch
Summary
stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1025 - Comparison Using Wrong Factors
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/commit/5f8… | patch |
| https://www.vulncheck.com/advisories/stoatchat-be… | third-party-advisory |
Impacted products
Date Public
2025-02-10 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T12:58:58.260798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:59:14.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "20250210-1 (0.8.2)",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "20250210-1 (0.8.2)",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages \u0027nearby\u0027 another message, the database query can be given a message limit of zero, which the database interprets as \u0027no limit\u0027. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel\u0027s message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1025",
"description": "Comparison Using Wrong Factors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:19:14.582Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-h7h6-7pxm-mc66)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66"
},
{
"name": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94",
"tags": [
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94"
},
{
"name": "VulnCheck Advisory: stoatchat before 20250210-1 Unrestricted Message History Fetch",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch"
}
],
"title": "stoatchat before 20250210-1 Unrestricted Message History Fetch",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71377",
"datePublished": "2026-07-16T12:19:14.582Z",
"dateReserved": "2026-06-20T13:11:44.728Z",
"dateUpdated": "2026-07-16T12:59:14.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58360 (GCVE-0-2024-58360)
Vulnerability from nvd – Published: 2026-07-16 12:23 – Updated: 2026-07-18 02:49
VLAI
EPSS
VEX
Title
stoatchat before 0.7.8 Unrestricted Account Creation
Summary
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1173 - Improper Use of Validation Framework
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/commit/eda… | patch |
| https://www.vulncheck.com/advisories/stoatchat-be… | third-party-advisory |
Impacted products
Date Public
2024-06-21 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-18T02:49:16.124593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-18T02:49:27.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "0.7.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.7.8",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1173",
"description": "Improper Use of Validation Framework",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:23:14.567Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-f26h-rqjq-qqjq)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq"
},
{
"name": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4",
"tags": [
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4"
},
{
"name": "VulnCheck Advisory: stoatchat before 0.7.8 Unrestricted Account Creation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation"
}
],
"title": "stoatchat before 0.7.8 Unrestricted Account Creation",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58360",
"datePublished": "2026-07-16T12:23:14.567Z",
"dateReserved": "2026-07-16T12:22:08.178Z",
"dateUpdated": "2026-07-18T02:49:27.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-63088 (GCVE-0-2026-63088)
Vulnerability from cvelistv5 – Published: 2026-07-16 16:40 – Updated: 2026-07-16 18:00 X_Open Source
VLAI
EPSS
VEX
Title
stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass
Summary
stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/releases/t… | release-notespatch |
| https://github.com/stoatchat/stoatchat/security/a… | |
| https://www.vulncheck.com/advisories/stoatchat-ss… | third-party-advisory |
Impacted products
Date Public
2026-07-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-63088",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T18:00:05.693791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T18:00:29.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "stoatchat",
"repo": "https://github.com/stoatchat/stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "0.14.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T16:40:56.120Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-4mcc-p83c-r77q)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
},
{
"name": "Release Notes",
"tags": [
"release-notes",
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/releases/tag/v0.14.0"
},
{
"name": "Incomplete Fix - GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-ssrf-via-dns-based-ip-blocklist-bypass"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "stoatchat \u003c 0.14.0 SSRF via DNS-based IP Blocklist Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-63088",
"datePublished": "2026-07-16T16:40:56.120Z",
"dateReserved": "2026-07-15T15:45:44.600Z",
"dateUpdated": "2026-07-16T18:00:29.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58360 (GCVE-0-2024-58360)
Vulnerability from cvelistv5 – Published: 2026-07-16 12:23 – Updated: 2026-07-18 02:49
VLAI
EPSS
VEX
Title
stoatchat before 0.7.8 Unrestricted Account Creation
Summary
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1173 - Improper Use of Validation Framework
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/commit/eda… | patch |
| https://www.vulncheck.com/advisories/stoatchat-be… | third-party-advisory |
Impacted products
Date Public
2024-06-21 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-18T02:49:16.124593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-18T02:49:27.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "0.7.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.7.8",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1173",
"description": "Improper Use of Validation Framework",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:23:14.567Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-f26h-rqjq-qqjq)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq"
},
{
"name": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4",
"tags": [
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4"
},
{
"name": "VulnCheck Advisory: stoatchat before 0.7.8 Unrestricted Account Creation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation"
}
],
"title": "stoatchat before 0.7.8 Unrestricted Account Creation",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58360",
"datePublished": "2026-07-16T12:23:14.567Z",
"dateReserved": "2026-07-16T12:22:08.178Z",
"dateUpdated": "2026-07-18T02:49:27.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-63306 (GCVE-0-2026-63306)
Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 13:17
VLAI
EPSS
VEX
Title
stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
Summary
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://www.vulncheck.com/advisories/stoatchat-be… | third-party-advisory |
Impacted products
Date Public
2026-05-17 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-63306",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T13:17:07.146090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T13:17:25.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:cargo/revolt-january",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "0.13.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.13.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AzureADTrent"
}
],
"datePublic": "2026-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:19:17.351Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
},
{
"name": "VulnCheck Advisory: stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-before-unauthenticated-ssrf-via-proxy-and-embed-endpoints"
}
],
"title": "stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-63306",
"datePublished": "2026-07-16T12:19:17.351Z",
"dateReserved": "2026-07-16T12:13:18.732Z",
"dateUpdated": "2026-07-16T13:17:25.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71388 (GCVE-0-2025-71388)
Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 15:10
VLAI
EPSS
VEX
Title
stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions
Summary
stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/commit/e37… | patch |
| https://www.vulncheck.com/advisories/stoatchat-20… | third-party-advisory |
Impacted products
Date Public
2025-02-10 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T14:12:48.229605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T15:10:58.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "20250210-1",
"status": "affected",
"version": "20241213-1",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "20250210-1",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel\u0027s webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2)."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:19:15.310Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-8684-rvfj-v3jq)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-8684-rvfj-v3jq"
},
{
"name": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829",
"tags": [
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829"
},
{
"name": "VulnCheck Advisory: stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-20241213-1-webhook-token-disclosure-via-read-permissions"
}
],
"title": "stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71388",
"datePublished": "2026-07-16T12:19:15.310Z",
"dateReserved": "2026-07-16T12:14:41.769Z",
"dateUpdated": "2026-07-16T15:10:58.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71377 (GCVE-0-2025-71377)
Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 12:59
VLAI
EPSS
VEX
Title
stoatchat before 20250210-1 Unrestricted Message History Fetch
Summary
stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1025 - Comparison Using Wrong Factors
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/stoatchat/stoatchat/security/a… | vendor-advisory |
| https://github.com/stoatchat/stoatchat/commit/5f8… | patch |
| https://www.vulncheck.com/advisories/stoatchat-be… | third-party-advisory |
Impacted products
Date Public
2025-02-10 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T12:58:58.260798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:59:14.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "stoatchat",
"vendor": "stoatchat",
"versions": [
{
"lessThan": "20250210-1 (0.8.2)",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "20250210-1 (0.8.2)",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages \u0027nearby\u0027 another message, the database query can be given a message limit of zero, which the database interprets as \u0027no limit\u0027. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel\u0027s message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1025",
"description": "Comparison Using Wrong Factors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:19:14.582Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-h7h6-7pxm-mc66)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66"
},
{
"name": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94",
"tags": [
"patch"
],
"url": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94"
},
{
"name": "VulnCheck Advisory: stoatchat before 20250210-1 Unrestricted Message History Fetch",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch"
}
],
"title": "stoatchat before 20250210-1 Unrestricted Message History Fetch",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71377",
"datePublished": "2026-07-16T12:19:14.582Z",
"dateReserved": "2026-06-20T13:11:44.728Z",
"dateUpdated": "2026-07-16T12:59:14.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}