GHSA-ffxg-5f8m-h72j

GitHub Security Advisory

Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability

✓ GitHub Reviewed HIGH Has CVE

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.

npm rocket.chat

Affected versions: 0 (fixed in 6.10.1)

CVE-2024-39713

GHSA ID

GHSA-ffxg-5f8m-h72j

Published

August 5, 2024 6:30 AM

Last Modified

August 30, 2024 7:56 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

rocket.chat

GitHub Reviewed

✓ Yes

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.