apk package
wolfi/mattermost-10.7
pkg:apk/wolfi/mattermost-10.7
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-30204 | Hig | 7.5 | < 10.7.1-r1 | 10.7.1-r1 | Mar 21, 2025 | golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a maliciou | |
| CVE-2024-0406 | — | < 10.7.4-r5 | 10.7.4-r5 | Apr 6, 2024 | A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic | ||
| CVE-2022-4045 | — | < 0 | 0 | Nov 23, 2022 | A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. | ||
| CVE-2022-4019 | — | < 0 | 0 | Nov 23, 2022 | A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. | ||
| CVE-2022-31022 | — | < 10.7.1-r2 | 10.7.1-r2 | Jun 1, 2022 | Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (blev |
- affected < 10.7.1-r1fixed 10.7.1-r1
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a maliciou
- CVE-2024-0406Apr 6, 2024affected < 10.7.4-r5fixed 10.7.4-r5
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic
- CVE-2022-4045Nov 23, 2022affected < 0fixed 0
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
- CVE-2022-4019Nov 23, 2022affected < 0fixed 0
A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.
- CVE-2022-31022Jun 1, 2022affected < 10.7.1-r2fixed 10.7.1-r2
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (blev
Page 2 of 2