GHSA-32h7-7j94-8fc2

Source
https://github.com/advisories/GHSA-32h7-7j94-8fc2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-32h7-7j94-8fc2/GHSA-32h7-7j94-8fc2.json
Aliases
Published
2024-02-09T18:31:07Z
Modified
2024-02-16T08:16:06.198159Z
Details

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. 

References

Affected packages

Go / github.com/mattermost/mattermost/server/v8

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
8.1.8

Go / github.com/mattermost/mattermost/server/v8

Affected ranges

Type
SEMVER
Events
Introduced
9.2.0
Fixed
9.2.4

Go / github.com/mattermost/mattermost/server/v8

Affected ranges

Type
SEMVER
Events
Introduced
9.1.0
Fixed
9.1.5