10 matches found
EUVD-2025-0107
Malicious code in bioql PyPI...
GO-2025-3407 Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server
Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server...
GHSA-W6XH-C82W-H997 Mattermost webapp crash via a crafted post
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
Mattermost webapp crash via a crafted post
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621
Summary (CVE-2025-20621) Mattermost webapp crashes when processing posts with attachments containing fields that cannot be cast to a String. Affected versions include Mattermost 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, and 10.1.x
CVE-2025-20621 Webapp crash via object that can't be cast to String in Attachment Field
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621 Webapp crash via object that can't be cast to String in Attachment Field
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
Mattermost: Specially crafted message request crashes the webapp for users who view the message
A specially crafted message request with a modified deletedat JSON parameter could crash the webapp for all users viewing the channel, or for anyone viewing a different channel if they switch to that channel afterward. This vulnerability could be exploited to prevent users from accessing a channe...