CVE-2024-22091
published 2024-04-26CVE-2024-22091: Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 8.1.0 < 8.1.12 | 8.1.12 |
| github.com | mattermost_mattermost-server | >= 8.1.0+incompatible < 8.1.12+incompatible | 8.1.12+incompatible |
| github.com | mattermost_mattermost-server | >= 9.5.0 < 9.5.3 | 9.5.3 |
| github.com | mattermost_mattermost-server | >= 9.5.0+incompatible < 9.5.3+incompatible | 9.5.3+incompatible |
| github.com | mattermost_mattermost-server | >= 9.6.0-rc1 < 9.6.1 | 9.6.1 |
| github.com | mattermost_mattermost-server | >= 9.6.0-rc1+incompatible < 9.6.1+incompatible | 9.6.1+incompatible |
| mattermost | mattermost | — | — |
| mattermost | mattermost | 8.1.0 – 8.1.10 | — |
| mattermost | mattermost | 9.5.0 – 9.5.2 | — |
| mattermost | mattermost_server | >= 8.1.0 < 8.1.12 | 8.1.12 |
| mattermost | mattermost_server | >= 9.5.0 < 9.5.3 | 9.5.3 |
| mattermost | mattermost_server | >= 9.6.0 < 9.6.1 | 9.6.1 |