CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.001 Low
Percentile: 32.7%
github.com/mattermost/mattermost-server is vulnerable to Denial of Service (DoS). The vulnerability exists because the Unescape function of inlines.go does not efficiently process Markdown strings, allowing an attacker to cause an application crash by sending a direct message containing a large number of escaped characters.
github.com/advisories/GHSA-4qcm-px3r-jfr8
github.com/mattermost/mattermost/commit/452c3a736ec43b18681c6288cc520b5eb07461e9
github.com/mattermost/mattermost/commit/ca1703fa09f7009d734f87104ada72e88003ee82
github.com/mattermost/mattermost/commit/dac1aba0aedbcbc809262924def5b544e37ae7a6
mattermost.com/security-updates/