x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-8f99-g2pj-x8w3 #2795
Description
In GitHub Security Advisory GHSA-8f99-g2pj-x8w3, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mattermost/mattermost-server | 9.6.1 | >= 9.6.0-rc1, <= 9.6.0 |
Cross references:
- Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/mattermost/mattermost-server
versions:
- introduced: TODO (earliest fixed "9.6.1", vuln range ">= 9.6.0-rc1, <= 9.6.0")
packages:
- package: github.com/mattermost/mattermost-server
- module: github.com/mattermost/mattermost-server
versions:
- introduced: TODO (earliest fixed "9.5.3", vuln range ">= 9.5.0, <= 9.5.2")
packages:
- package: github.com/mattermost/mattermost-server
- module: github.com/mattermost/mattermost-server
versions:
- introduced: TODO (earliest fixed "9.4.5", vuln range ">= 9.4.0, <= 9.4.4")
packages:
- package: github.com/mattermost/mattermost-server
- module: github.com/mattermost/mattermost-server
versions:
- introduced: TODO (earliest fixed "8.1.12", vuln range ">= 8.1.0, <= 8.1.11")
packages:
- package: github.com/mattermost/mattermost-server
summary: Mattermost crashes web clients via a malformed custom status in github.com/mattermost/mattermost-server
cves:
- CVE-2024-4182
ghsas:
- GHSA-8f99-g2pj-x8w3
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2024-4182
- web: https://mattermost.com/security-updates
- fix: https://github.com/mattermost/mattermost/commit/41333a0babf565453d89287549bec1e546e75ce7
- fix: https://github.com/mattermost/mattermost/commit/6cbab0f7ece104681f73dd12c75d9f22d567125e
- fix: https://github.com/mattermost/mattermost/commit/a99dadd80c57d376185ca06f8f70919a6f135bc6
- fix: https://github.com/mattermost/mattermost/commit/f84f8ed65f6a5faba974426424b684635455a527
- advisory: https://github.com/advisories/GHSA-8f99-g2pj-x8w3
source:
id: GHSA-8f99-g2pj-x8w3