CVE-2019-20860 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-20860

CWE

https://cwe.mitre.org/data/definitions/.html

An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.

Affected Software

Name	Vendor	Start Version	End Version
Mattermost_server	Mattermost	*	5.9.4 (excluding)
Mattermost_server	Mattermost	5.12.0 (including)	5.12.6 (excluding)
Mattermost_server	Mattermost	5.13.0 (including)	5.13.3 (excluding)
Mattermost_server	Mattermost	5.14.0-rc1 (including)	5.14.0-rc1 (including)
Mattermost_server	Mattermost	5.14.0-rc2 (including)	5.14.0-rc2 (including)
Mattermost_server	Mattermost	5.14.0-rc3 (including)	5.14.0-rc3 (including)
Mattermost_server	Mattermost	5.14.0-rc4 (including)	5.14.0-rc4 (including)
Mattermost_server	Mattermost	5.14.0-rc5 (including)	5.14.0-rc5 (including)

References

https://mattermost.com/security-updates/
https://mattermost.com/security-updates/