CVE-2019-20871 โ€” Regex Denial of Service in Server

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mattermost Server
Timeline
PublishedJun 19
Latest updateMay 24

Description

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

โ–ถNVDmattermost/mattermost_server5.7.0 โ€” 5.7.3+3

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-q3p5-24hp-vq34: An issue was discovered in Mattermost Server before 5โ†—2022-05-24
โ–ถ
CVEList
CVE-2019-20871: An issue was discovered in Mattermost Server before 5โ†—2020-06-19
โ–ถ
CVE-2019-20871 โ€” Regex Denial of Service in Server | cvebase