CVE-2017-18871

HIGH7.5EPSS 0.42%

Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server

Published: 5/24/2022Modified: 3/3/2026

Description

Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server

Affected packages (2)

Go/github.com/mattermost/mattermost-serverfrom 0, < 4.2.2
Go/github.com/mattermost/mattermost-serverfrom 0, < 4.2.2+incompatible, >= 4.3.0-rc1+incompatible, < 4.3.4+incompatible, >= 4.4.0-rc1+incompatible, < 4.4.5+incompatible, >= 4.5.0-rc1+incompatible, < 4.5.0+incompatible

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYhttps://github.com/advisories/GHSA-jc6w-8r7f-vmp5
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-18871
PATCHhttps://github.com/mattermost/mattermost
WEBhttps://mattermost.com/security-updates