Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Thu, 16 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses. | |
| Title | stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass | |
| Weaknesses | CWE-918 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-16T18:00:29.429Z
Reserved: 2026-07-15T15:45:44.600Z
Link: CVE-2026-63088
Updated: 2026-07-16T18:00:21.326Z
No data.
No data.
OpenCVE Enrichment
No data.