CVE-2024-24988

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-24988

Severity

Unknown

Description

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.

References

https://images.chainguard.dev/security/CGA-h6hp-7cfm-2whx
https://github.com/advisories/GHSA-6mx3-9qfh-77gj
https://images.chainguard.dev/security/CGA-jcm4-hv7p-w366
https://images.chainguard.dev/security/CGA-q862-xfvv-q33j
https://images.chainguard.dev/security/CGA-r9pm-6pj9-gp2p
https://images.chainguard.dev/security/CGA-hm9q-mfjh-pr3m
https://images.chainguard.dev/security/CGA-q5wm-3vhv-qh92
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-24988

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources