Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
CPE | Name | Operator | Version |
---|---|---|---|
mattermost | ge | 7.2.0 | |
mattermost | lt | 7.8.4 | |
mattermost | ge | 5.34.0 | |
mattermost | lt | 7.1.9 | |
mattermost | ge | 7.9.0 | |
mattermost | lt | 7.9.3 |