x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184

GoVulnBot · 2023-11-08T15:01:32Z

In GitHub Security Advisory GHSA-xvq6-h898-wcj8, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost/server/v8	9.0.1	= 9.0.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: TODO (earliest fixed "9.0.1", vuln range "= 9.0.0")
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 8.1.0
          fixed: 8.1.3
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 8.0.0
          fixed: 8.0.4
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - fixed: 7.8.12
      packages:
        - package: github.com/mattermost/mattermost-server/v6
summary: Mattermost denial of service vulnerability
cves:
    - CVE-2023-5967
ghsas:
    - GHSA-xvq6-h898-wcj8
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-5967
    - web: https://mattermost.com/security-updates
    - advisory: https://github.com/advisories/GHSA-xvq6-h898-wcj8

The text was updated successfully, but these errors were encountered:

zpavlinovic · 2023-11-08T17:30:20Z

Vulnerability in tool.

gopherbot · 2023-11-08T22:27:25Z

Change https://go.dev/cl/540875 mentions this issue: data/excluded: batch add 3 excluded reports

gopherbot · 2024-06-14T17:48:21Z

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports

zpavlinovic self-assigned this Nov 8, 2023

zpavlinovic added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Nov 8, 2023

tatianab removed the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Nov 8, 2023

zpavlinovic added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Nov 8, 2023

gopherbot closed this as completed in 8f8dd86 Nov 8, 2023

GoVulnBot mentioned this issue Dec 8, 2023

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-63cv-4pc2-4fcf #2390

Closed

GoVulnBot mentioned this issue Feb 9, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541

Closed

GoVulnBot mentioned this issue Feb 19, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566

Closed

GoVulnBot mentioned this issue Mar 10, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184

GoVulnBot commented Nov 8, 2023

zpavlinovic commented Nov 8, 2023

gopherbot commented Nov 8, 2023

gopherbot commented Jun 14, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184

Comments

GoVulnBot commented Nov 8, 2023

zpavlinovic commented Nov 8, 2023

gopherbot commented Nov 8, 2023

gopherbot commented Jun 14, 2024