Description
Mattermost is vulnerable to DoS due to infinite re-renders on API errors
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-14435
- https://github.com/mattermost/mattermost/commit/613bb616cd62c584a606919e6978688e7b87d81e
- https://github.com/mattermost/mattermost/commit/9f7629504bc93f79af8d606329c025a687e143cd
- https://github.com/mattermost/mattermost/commit/cc6b77b271324796b72f1e6b82dba85a86462f9f
- https://mattermost.com/security-updates
Packages
- github.com/mattermost/mattermost-server: affected >= 10.11.0, <= 10.11.8; fixed in 10.11.9
- github.com/mattermost/mattermost-server: affected >= 11.1.0, <= 11.1.1; fixed in 11.1.2
- github.com/mattermost/mattermost-server: affected >= 11.0.0, <= 11.0.6; fixed in 11.0.7
Related vulnerabilities
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11 ...
A vulnerability in the Mattermost instant messaging application related to allocation of resources without limits or throttling, allowing an attacker to cause a denial of service