GO-2024-3164
PUBLISHED
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | mattermost/mattermost-server | 0, 0 |
| github.com | mattermost/mattermost-server/v6 | 0, 0 |
| github.com | mattermost/mattermost-server/v5 | 0, 0 |
| github.com | mattermost/mattermost/server/v8 | 0, 0 |
Timeline
- Oct 10, 2024 CVE Published
- Feb 4, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/advisories/GHSA-59hf-mpf8-pqjh advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-47003 advisory
- https://github.com/mattermost/mattermost/commit/69a8b3df0f9fd3a7a5b792ec678b6191618d039b patch
- https://github.com/mattermost/mattermost/pull/27763 patch
- https://github.com/c0rydoras/cves/tree/main/CVE-2024-47003 url
- https://mattermost.com/security-updates url