GHSA-xvq6-h898-wcj8

Source

https://github.com/advisories/GHSA-xvq6-h898-wcj8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-xvq6-h898-wcj8/GHSA-xvq6-h898-wcj8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-xvq6-h898-wcj8

Aliases

CVE-2023-5967

Published

2023-11-06T18:30:19Z

Modified

2023-11-08T15:11:51.162849Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Mattermost denial of service vulnerability

Details

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin

Database specific

{
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-754"
    ],
    "nvd_published_at": "2023-11-06T16:15:42Z",
    "github_reviewed_at": "2023-11-08T14:53:27Z",
    "github_reviewed": true
}

References

Affected packages

github.com/mattermost/mattermost-server/v6

Package

Name: github.com/mattermost/mattermost-server/v6; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost-server/v6

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.8.12

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-xvq6-h898-wcj8/GHSA-xvq6-h898-wcj8.json"

github.com/mattermost/mattermost/server/v8

Package

Name: github.com/mattermost/mattermost/server/v8; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost/server/v8

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Fixed

8.0.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-xvq6-h898-wcj8/GHSA-xvq6-h898-wcj8.json"

github.com/mattermost/mattermost/server/v8

Package

Name: github.com/mattermost/mattermost/server/v8; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost/server/v8

Affected ranges

Type: SEMVER
Events: Introduced

8.1.0

Fixed

8.1.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-xvq6-h898-wcj8/GHSA-xvq6-h898-wcj8.json"

github.com/mattermost/mattermost/server/v8

Package

Name: github.com/mattermost/mattermost/server/v8; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost/server/v8

Affected ranges

Type: SEMVER
Events: Introduced

9.0.0

Fixed

9.0.1

Affected versions

9.*

9.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-xvq6-h898-wcj8/GHSA-xvq6-h898-wcj8.json"