15 matches found
EUVD-2024-2720
Malicious code in bioql PyPI...
EUVD-2025-0093
Malicious code in bioql PyPI...
CVE-2025-21088
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
CVE-2024-47003
Mattermost versions 9.11.x = 9.11.0 and 9.5.x = 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...
SUSE CVE-2024-47003
Mattermost versions 9.11.x = 9.11.0 and 9.5.x = 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...
SUSE CVE-2025-21088
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of the style of proto supplied to an action's style in post.props.attachments, which allows attackers to crash the frontend by providing crafted malicious input...
Mattermost Incorrect Type Conversion or Cast
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
CVE-2025-21088
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
CVE-2025-21088
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
CVE-2025-21088
CVE-2025-21088 – Mattermost frontend crash via invalid proto style validation . The issue affects Mattermost Server versions 9.11.x (≤9.11.5), 10.0.x (≤10.0.3), 10.1.x (≤10.1.3), and 10.2.x (≤10.2.0) where the style of proto supplied to an action’s style in post.props.attachments is not properly ...
CVE-2025-21088 WebApp crash via improper validation of proto style in attachments
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
CVE-2025-21088 WebApp crash via improper validation of proto style in attachments
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
CVE-2024-47003
Mattermost versions 9.11.x = 9.11.0 and 9.5.x = 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...
PT-2024-32335 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0 Mattermost versions 9.5.x through 9.5.8 Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...