Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-p2wq-4ggp-45f3

GitHub Security Advisory

Mattermost fails to limit the size of a request path

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths

Affected Packages

Go github.com/mattermost/mattermost-server
Affected versions: 8.1.0 (fixed in 8.1.12)
Go github.com/mattermost/mattermost-server
Affected versions: 9.5.0 (fixed in 9.5.3)
Go github.com/mattermost/mattermost-server
Affected versions: 9.6.0-rc1 (fixed in 9.6.1)

Related CVEs

CVE-2024-22091

Key Information

GHSA ID
GHSA-p2wq-4ggp-45f3
Published
April 26, 2024 9:30 AM
Last Modified
May 12, 2025 9:50 PM
CVSS Score
2.5 /10
Primary Ecosystem
Go
Primary Package
github.com/mattermost/mattermost-server
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 7, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.