CVE-2024-24988
EUVD-2024-053729.02.2024, 08:15
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 𝑥 < 8.1.8 |
| mattermost | mattermost_server | 9.0.0 ≤ 𝑥 < 9.1.5 |
| mattermost | mattermost_server | 9.2.0 ≤ 𝑥 < 9.2.4 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 𝑥 ≤ 9.2.4 | CNA |
| mattermost | mattermost | 𝑥 ≤ 8.1.8 | CNA |
| mattermost | mattermost | 𝑥 ≤ 9.3.0 | CNA |