VYPR
Moderate severityNVD Advisory· Published Sep 26, 2024· Updated Sep 26, 2024

DoS via non-string message using permalink embed

CVE-2024-47003

Description

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost/server/v8Go
< 8.0.0-20240806094731-69a8b3df0f9f8.0.0-20240806094731-69a8b3df0f9f

Affected products

43

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.