Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-03-15T09:11:21.446Z
Updated: 2024-08-01T19:11:53.477Z
Reserved: 2024-03-14T12:09:07.848Z
Link: CVE-2024-2446
Vulnrichment
Updated: 2024-08-01T19:11:53.477Z
NVD
Status : Awaiting Analysis
Published: 2024-03-15T10:15:08.230
Modified: 2024-03-15T12:53:06.423
Link: CVE-2024-2446
Redhat
No data.