First published: Fri Apr 26 2024
Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user input. This allows an attacker to cause excessive resource consumption, possibly leading to a DoS, by sending large request paths.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/github.com/mattermost/mattermost-server | >=9.6.0-rc1, <=9.6.0 | 9.6.1 |
| go/github.com/mattermost/mattermost-server | >=9.5.0, <=9.5.2 | 9.5.3 |
| go/github.com/mattermost/mattermost-server | >=8.1.0, <=8.1.11 | 8.1.12 |
Update Mattermost to versions 9.7.0, 8.1.11, 9.6.1, 9.5.3, 8.1.12 or higher.
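
A guard against the weakness described above, as an added example that is not Mattermost's code or its actual fix: Go middleware that rejects over-long request paths before any routing work happens. The 2048-byte limit, the names `limitPath` and `statusFor`, and the sample paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxPathBytes is an assumed limit for this example; the advisory does not
// state which limit the fixed Mattermost releases apply.
const maxPathBytes = 2048

// limitPath rejects a request whose path is longer than max bytes, so that
// no router or handler does work proportional to an attacker-chosen length.
func limitPath(max int, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Check the escaped form as well: percent-encoding can make the
		// bytes on the wire up to three times longer than the decoded path.
		if len(r.URL.Path) > max || len(r.URL.EscapedPath()) > max {
			http.Error(w, "request path too long", http.StatusRequestURITooLong)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed GET for path through the guard and returns
// the HTTP status code the client would see.
func statusFor(path string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, path, nil)
	limitPath(maxPathBytes, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample paths, not real Mattermost routes.
	normal := "/api/example/items/123"
	oversized := "/api/example/items/" + strings.Repeat("a", 4096)
	encoded := "/x/" + strings.Repeat("%41", 1000)
	fmt.Println(statusFor(normal), statusFor(oversized), statusFor(encoded))
}
```

A limit like this at a reverse proxy or in middleware reduces exposure only; upgrading to a fixed release remains the remedy.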