CVE-2022-39302

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-39302
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39302.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-39302
Aliases
  • GHSA-v574-xgcf-5w8x
Published
2022-10-13T00:00:00Z
Modified
2025-11-28T04:54:22.265340Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
Ree6 may bypass webhook protection
Details

Ree6 is a moderation bot. This vulnerability allows other server owners to create configurations, such as "Better-Audit-Logging", that contain a channel from another server as a target. Log messages could then be sent to another guild's channel, bypassing raid and webhook protections. A specially crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

Database specific
{
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39302.json"
}
References

Affected packages

Git / github.com/ree6-applications/ree6

Affected ranges

Type
GIT
Repo
https://github.com/ree6-applications/ree6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.5.1
1.5.2
1.5.3
1.6.0
1.6.3
1.6.4
1.7.0
1.7.1
1.7.10
1.7.11
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.2
1.7.20
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.0
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.7.1
1.9.8

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-39302-f606fb14",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/ree6-applications/ree6/commit/de53736d4c2f1455dd256dd2f8676bdffda399b2",
        "digest": {
            "line_hashes": [
                "158633684928765415560519087926667377525",
                "83070585019615912945495474252236584550",
                "219299433723211354946701397294601481710",
                "158465640071739564268455620391324433578",
                "300133477810291819532717898083050128685",
                "103523385467933307077441035152172608153",
                "221739695120422749629806788374658323317",
                "154443857777896382438569692869799486033"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/de/presti/ree6/main/Main.java"
        }
    },
    {
        "id": "CVE-2022-39302-fa10daf1",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/ree6-applications/ree6/commit/de53736d4c2f1455dd256dd2f8676bdffda399b2",
        "digest": {
            "length": 3617.0,
            "function_hash": "279480961113466240303420068404447931161"
        },
        "signature_type": "Function",
        "target": {
            "function": "main",
            "file": "src/main/java/de/presti/ree6/main/Main.java"
        }
    }
]