Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02bXgzLTlxZmgtNzdnas4AA5qA
Mattermost denial of service through long emoji value
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.
Permalink: https://github.com/advisories/GHSA-6mx3-9qfh-77gjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02bXgzLTlxZmgtNzdnas4AA5qA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-6mx3-9qfh-77gj, CVE-2024-24988
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-24988
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-6mx3-9qfh-77gj
Affected Packages
go:github.com/mattermost/mattermost/server/v8
Dependent packages: 2Dependent repositories: 1
Downloads:
Affected Version Ranges: < 8.1.9, >= 9.2.0, < 9.2.5, >= 9.3.0, < 9.3.1
Fixed in: 8.1.9, 9.2.5, 9.3.1
All affected versions:
All unaffected versions: