CVE-2017-18871

2020-06-1917:15:11

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.5%

JSON

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.

CPENameOperatorVersion
mattermost-servereq4.4.0-rc4
mattermost-servereq4.4.2
mattermost-servereq4.4.0
mattermost-servereq4.4.2-rc1
mattermost-servereq4.4.3-rc1
mattermost-servereq4.4.1-rc1
mattermost-servereq4.4.3
mattermost-servereq4.4.1
mattermost-servereq4.4.0-rc5

Name	Operator	Version
mattermost-server	eq	4.4.0-rc4
mattermost-server	eq	4.4.2
mattermost-server	eq	4.4.0
mattermost-server	eq	4.4.2-rc1
mattermost-server	eq	4.4.3-rc1
mattermost-server	eq	4.4.1-rc1
mattermost-server	eq	4.4.3
mattermost-server	eq	4.4.1
mattermost-server	eq	4.4.0-rc5

References

mattermost.com/security-updates/