9 matches found
GO-2025-3407 Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server
Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server...
GHSA-W6XH-C82W-H997 Mattermost webapp crash via a crafted post
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
Mattermost webapp crash via a crafted post
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621
Summary (CVE-2025-20621): Mattermost webapp crashes when processing posts with attachments containing fields that cannot be cast to a String. Affected versions include Mattermost 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, and 10.1.x
CVE-2023-6458 Client side path traversal due to lack of route parameters validation
Mattermost webapp fails to validate route parameters in//channels/ allowing an attacker to perform a client-side path traversal...
MAL-2022-4506 Malicious code in mattermost-webapp (npm)
Source: ghsa-malware c9ce8f02251eba861f2430bb80e15d90e2ea15ebcfe9586d76c3a65b6c935e03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mattermost-webapp (npm)
Source: ghsa-malware c9ce8f02251eba861f2430bb80e15d90e2ea15ebcfe9586d76c3a65b6c935e03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4507 Malicious code in mattermost-webapp-profiling (npm)
Source: ghsa-malware 0507ee66265c1781e45307f46fd6db9ec8af3481f25b080e9f3d8a628ad350b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: mattermost-webapp is a malicious package. This package contained malicious code and was removed from the registry by the npm security team. Remediation: Avoid using all malicious instances of the mattermost-webapp package...