CVE-2024-58360
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| stoatchat | stoatchat | 0 < 0.7.8 | affected |
| stoatchat | stoatchat | 0.7.8 | unaffected |
Weaknesses
- CWE-1173: Improper Use of Validation Framework
References
- https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq
- https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4
- https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.