CVE-2019-20860

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-20860

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20860.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-20860

Published

2020-06-19T15:15:10.743Z

Modified

2026-02-05T11:06:16.674184Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Fixed

2c5a87bfbcaa0f313b2a7913186df7f8ddd1747b

Introduced

bfd66aa445a2df8c6ed6ba9f2567021ecf6c9f3b

Fixed

96e36f73b25d7caa4d09c4a967fea54f57e9a52c

Introduced

f8469de7724a9449b43b514a99acefaf02430ad9

Fixed

9deca834d16c13b21a209e0fb5f681df047e2db1

Affected versions

v5.*

v5.12.0

v5.12.0-rc6

v5.12.1

v5.12.1-rc1

v5.12.2

v5.12.2-rc1

v5.12.3

v5.12.3-rc1

v5.12.4

v5.12.4-rc1

v5.12.5

v5.12.5-rc1

v5.13.0

v5.13.0-rc1

v5.13.0-rc2

v5.13.0-rc3

v5.13.0-rc4

v5.13.1

v5.13.1-rc1

v5.13.2

v5.13.2-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20860.json"