VYPR

apk package

chainguard/mattermost-11.7

pkg:apk/chainguard/mattermost-11.7

Vulnerabilities (28)

  • CVE-2026-39819MedMay 7, 2026
    affected < 11.7.0-r1fixed 11.7.0-r1

    The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink.

  • CVE-2026-39817MedMay 7, 2026
    affected < 11.7.0-r1fixed 11.7.0-r1

    The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem.

  • CVE-2026-33814HigMay 7, 2026
    affected < 11.7.0-r1fixed 11.7.0-r1

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

  • CVE-2026-33811HigMay 7, 2026
    affected < 11.7.0-r1fixed 11.7.0-r1

    When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

  • CVE-2026-33813HigApr 21, 2026
    affected < 11.7.0-r2fixed 11.7.0-r2

    Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

  • CVE-2026-33812MedApr 21, 2026
    affected < 0fixed 0

    Parsing a malicious font file can cause excessive memory allocation.

  • CVE-2022-4045Nov 23, 2022
    affected < 0fixed 0

    A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. 

  • CVE-2022-4019Nov 23, 2022
    affected < 0fixed 0

    A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.

Page 2 of 2