Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.

Related CVEs

CVE-2024-32945

Key Information

GHSA ID

GHSA-xq9p-hq98-j4x4

Published

July 15, 2024 9:36 AM

Last Modified

July 16, 2024 6:31 PM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.