{"id":"CVE-2022-39302","summary":"Ree6 may bypass webhook protection","details":"Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as \"Better-Audit-Logging\" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.","aliases":["GHSA-v574-xgcf-5w8x"],"modified":"2026-04-12T01:28:01.972377Z","published":"2022-10-13T00:00:00Z","database_specific":{"cwe_ids":["CWE-863"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39302.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39302.json"},{"type":"ADVISORY","url":"https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39302"},{"type":"FIX","url":"https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ree6-applications/ree6","events":[{"introduced":"0"},{"fixed":"de53736d4c2f1455dd256dd2f8676bdffda399b2"}]}],"versions":["1.5.1","1.5.2","1.5.3","1.6.0","1.6.3","1.6.4","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.18","1.7.19","1.7.2","1.7.20","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.9.0","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.7.1","1.9.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39302.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2022-39302-f606fb14","digest":{"line_hashes":["158633684928765415560519087926667377525","83070585019615912945495474252236584550","219299433723211354946701397294601481710","158465640071739564268455620391324433578","300133477810291819532717898083050128685","103523385467933307077441035152172608153","221739695120422749629806788374658323317","154443857777896382438569692869799486033"],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"src/main/java/de/presti/ree6/main/Main.java"},"source":"https://github.com/ree6-applications/ree6/commit/de53736d4c2f1455dd256dd2f8676bdffda399b2"},{"signature_version":"v1","id":"CVE-2022-39302-fa10daf1","digest":{"function_hash":"279480961113466240303420068404447931161","length":3617},"deprecated":false,"signature_type":"Function","target":{"function":"main","file":"src/main/java/de/presti/ree6/main/Main.java"},"source":"https://github.com/ree6-applications/ree6/commit/de53736d4c2f1455dd256dd2f8676bdffda399b2"}],"vanir_signatures_modified":"2026-04-12T01:28:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}]}