CVE-2024-54083

MEDIUM6.5EPSS 0.52%

Mattermost Improper Validation of Specified Type of Input vulnerability

發布日:2024/12/16修改日:2024/12/18

也稱為:GHSA-69pr-78gv-7c6hGO-2024-3337

描述

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.

受影響套件(5)

Go/github.com/mattermost/mattermost-server>= 9.5.0+incompatible, < 9.5.13+incompatible, >= 9.11.0+incompatible, < 9.11.5+incompatible, >= 10.0.0+incompatible, < 10.0.3+incompatible, >= 10.1.0+incompatible, < 10.1.3+incompatible
Go/github.com/mattermost/mattermost-server/v5from 0
Go/github.com/mattermost/mattermost-server/v6from 0
Go/github.com/mattermost/mattermost/server/v8>= 10.1.0, < 10.1.3
Go/github.com/mattermost/mattermost/server/v8from 0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

描述

受影響套件(5)

CVSS 分數

參考連結(4)