Описание
Mattermost webapp crash via a crafted post
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel.
Пакеты
github.com/mattermost/mattermost/server/v8
>= 10.2.0, < 10.2.1
10.2.1
github.com/mattermost/mattermost/server/v8
>= 10.1.0, <= 10.1.3
10.1.4
github.com/mattermost/mattermost/server/v8
>= 10.0.0, <= 10.0.3
10.0.4
github.com/mattermost/mattermost/server/v8
>= 9.11.0, <= 9.11.5
9.11.6
github.com/mattermost/mattermost/server/v8
< 8.0.0-20241127161322-25ff7a3779a5
8.0.0-20241127161322-25ff7a3779a5
Связанные уязвимости
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel.
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0 ...
