MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Default status: unaffected
Version: Status
10.1.0 (semver): affected
10.0.0 (semver): affected
9.11.0 (semver): affected
9.5.0 (semver): affected
10.2.0: unaffected
2.22.0: unaffected
10.1.3: unaffected
10.0.3: unaffected
9.11.5: unaffected
9.5.13: unaffected
Description
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps, which allows a user to cause a client-side (webapp and mobile) DoS for users of particular channels by sending a specially crafted post.
Problem types
CWE-1287: Improper Validation of Specified Type of Input
Credits
c0rydoras (c0rydoras)
References
mattermost.com/security-updates