Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Wed, 15 Jan 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 15 Jan 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input. | |
Title | WebApp crash via improper validation of proto style in attachments | |
Weaknesses | CWE-704 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2025-01-15T15:51:49.474Z
Updated: 2025-01-15T16:20:11.778Z
Reserved: 2025-01-15T15:30:33.435Z
Link: CVE-2025-21088
Vulnrichment
Updated: 2025-01-15T16:19:05.431Z
NVD
Status : Received
Published: 2025-01-15T16:15:32.413
Modified: 2025-01-15T16:15:32.413
Link: CVE-2025-21088
Redhat
No data.