CVE-2024-1402

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-1402

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1402.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-1402

Aliases

Related

Published

2024-02-09T16:15:07Z

Modified

2024-09-03T04:39:06.457058Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrive the aforementioned post.

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost
Events: Introduced

987e843629fe3f11861fda23ceb66884f5973ef1

Last affected

6494fc712419d34ea44c8887981a7554e25c1eb6

Last affected

77aeda5cedc8ef60d06da024202b8c7999efd671

Introduced

b47be1c0f5787562ddf430dd5c5b8b3c35748b06

Last affected

9e52296cfb7c8eaf0b24e39a2ecea4bf58facd60

Affected versions

@mattermost/client@9.*

@mattermost/client@9.2.0

@mattermost/types@9.*

@mattermost/types@9.2.0

v9.*

v9.2.0

v9.2.0-rc2

v9.2.1

v9.2.2

v9.2.3

v9.2.3-rc1