Nixpkgs security tracker

Dismissed

Permalink CVE-2025-14822

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

updated 2 months, 4 weeks ago by @LeSuisse Activity log

Created automatic suggestion 2 months, 4 weeks ago
@LeSuisse ignored
3 packages
- python312Packages.mattermostdriver
- python313Packages.mattermostdriver
- mattermost-desktop
2 months, 4 weeks ago
@LeSuisse dismissed 2 months, 4 weeks ago

DoS from quadratic complexity in model.ParseHashtags

Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens

References

https://mattermost.com/security-updates

Affected products

Mattermost

=<10.11.8
==10.11.9
==11.2.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.8
- nixpkgs-unstable 10.11.7
- nixos-unstable-small 10.11.8

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.0.5
- nixpkgs-unstable 11.0.5
- nixos-unstable-small 11.0.5

Ignored packages (3)

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 5.13.1
- nixpkgs-unstable 5.13.1
- nixos-unstable-small 5.13.1

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

pkgs.python313Packages.mattermostdriver