CVE-2017-18873
MEDIUM 5.3 | EPSS 0.38%
Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server
Published: 5/24/2022
Modified: 2/26/2026
Description
Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/mattermost/mattermost-server before v4.1.2-0.20171013141717-ee57a5829ab1, before v4.2.1-0.20171013140502-b3e4b0ac9168.
Affected packages (2)
- Go/github.com/mattermost/mattermost-server: from 0, < 4.1.2-0.20171013141717-ee57a5829ab1
- Go/github.com/mattermost/mattermost-server: from 0, < 4.1.2-0.20171013141717-ee57a5829ab1+incompatible, >= 4.2.0+incompatible, < 4.2.1-0.20171013140502-b3e4b0ac9168+incompatible, >= 4.3.0-rc1+incompatible, < 4.3.0+incompatible
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
References (7)
- ADVISORY: https://github.com/advisories/GHSA-x6mw-hf2j-vqpc
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-18873
- PATCH: https://github.com/mattermost/mattermost
- WEB: https://github.com/mattermost/mattermost/commit/9adaf53e110e0e806b21903111aacb93129668cb
- WEB: https://github.com/mattermost/mattermost/commit/b3e4b0ac91682093276a653f7ccd5774aaa9cd06
- WEB: https://github.com/mattermost/mattermost/commit/ee57a5829ab162859e0e355dac6cfe6ca1a8f379
- WEB: https://mattermost.com/security-updates