Total vulnerabilities in the database
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
Software | From | Fixed in |
---|---|---|
mattermost / mattermost | 7.2.0 | 7.8.4 |
mattermost / mattermost | 5.34.0 | 7.1.9 |
mattermost / mattermost | 7.9.0 | 7.9.3 |