CVE-2017-18871 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-18871

CWE

https://cwe.mitre.org/data/definitions/.html

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.

Affected Software

Name	Vendor	Start Version	End Version
Mattermost_server	Mattermost	*	4.2.2 (excluding)
Mattermost_server	Mattermost	4.3.0 (including)	4.3.4 (excluding)
Mattermost_server	Mattermost	4.4.0 (including)	4.4.5 (excluding)
Mattermost_server	Mattermost	4.5.0-rc1 (including)	4.5.0-rc1 (including)
Mattermost_server	Mattermost	4.5.0-rc2 (including)	4.5.0-rc2 (including)
Mattermost_server	Mattermost	4.5.0-rc3 (including)	4.5.0-rc3 (including)
Mattermost_server	Mattermost	4.5.0-rc4 (including)	4.5.0-rc4 (including)

References

https://mattermost.com/security-updates/