CVE-2024-24975

Denial of Service for mobile app users due to automatic code highlighting

CVSS 3.5 LOWEPSS 0.4%CWE-400

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Mar 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected products

Mattermost · Mattermost Mobile

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://mattermost.com/security-updates