Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-02-29T08:06:28.334Z
Updated: 2024-08-01T23:36:21.288Z
Reserved: 2024-02-26T08:14:42.970Z
Link: CVE-2024-24988
Vulnrichment
Updated: 2024-08-01T23:36:21.288Z
NVD
Status : Awaiting Analysis
Published: 2024-02-29T08:15:47.640
Modified: 2024-02-29T13:49:29.390
Link: CVE-2024-24988
Redhat
No data.