CVE-2024-58360
Deferred
Deferred - Pending Action
StoaChat Account Creation Bypass Before 0.7.8
Vulnerability report for CVE-2024-58360, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-16
Last updated on: 2026-07-16
Assigner: VulnCheck
Description
Description
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stoatchat | stoatchat | to 0.7.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1173 | The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library. |