Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an actions style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
Weakness
The product does not correctly convert an object, resource, or structure from one type to a different type.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mattermost_server | Mattermost | 9.11.0 (including) | 9.11.6 (excluding) |
| Mattermost_server | Mattermost | 10.0.0 (including) | 10.0.4 (excluding) |
| Mattermost_server | Mattermost | 10.1.0 (including) | 10.1.4 (excluding) |
| Mattermost_server | Mattermost | 10.2.0 (including) | 10.2.0 (including) |