CVE

GHSA-8q4v-35v6-g8wr

Mattermost Server is vulnerable CSV Injection

Back to all

CVE

GHSA-8q4v-35v6-g8wr

Mattermost Server is vulnerable CSV Injection

An issue was discovered in Mattermost Server before 4.0.4 and 3.10.3. It allows CSV injection via a compliance report.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

9.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2017-18900, https://github.com/mattermost/mattermost/commit/eaa598aba901a20c65c52dd1e1b82e7e1dffb962, https://github.com/mattermost/mattermost, https://mattermost.com/security-updates

Severity

9.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

0.00647%

EPSS Percentile

0.70187%

Introduced Version

0,v4.0.0+incompatible,v3.0.0+incompatible,v0.0.0-20160310173905-6d21a339dc3a

Fix Available

3.10.3,v4.0.4-rc1+incompatible,v3.10.3-rc1+incompatible,v0.0.0-20170728153237-571e4f2ae10d

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-8q4v-35v6-g8wr

GHSA-8q4v-35v6-g8wr

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

9.8

Basic Information

Fix Critical Vulnerabilities Instantly