Nixpkgs Security Tracker

Permalink CVE-2025-14822

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
3 packages
- python312Packages.mattermostdriver
- python313Packages.mattermostdriver
- mattermost-desktop
1 month ago
@LeSuisse dismissed 1 month ago

DoS from quadratic complexity in model.ParseHashtags

Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens

Affected products

Mattermost

==10.11.9
==11.2.0
=<10.11.8

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.8
- nixpkgs-unstable 10.11.7
- nixos-unstable-small 10.11.8

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.0.5
- nixpkgs-unstable 11.0.5
- nixos-unstable-small 11.0.5

Package maintainers

@numinit Morgan Jones <me+nixpkgs@numin.it>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@ryantm Ryan Mulligan <ryan@ryantm.com>

Already fixed in unstable and stable branches.

Permalink CVE-2025-14435

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- python312Packages.mattermostdriver
- python313Packages.mattermostdriver
- mattermost-desktop
- mattermostLatest
- mattermost
1 month ago
@LeSuisse added
2 packages
- mattermostLatest
- mattermost
1 month ago
@LeSuisse dismissed 1 month ago

Application-Level DoS via infinite re-render loop in user profile handling

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

Affected products

Mattermost

==11.0.7
=<11.0.6
==11.2.0
=<10.11.8
==10.11.9
=<11.1.1
==11.1.2

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.8
- nixpkgs-unstable 10.11.7
- nixos-unstable-small 10.11.8

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.0.5
- nixpkgs-unstable 11.0.5
- nixos-unstable-small 11.0.5

Package maintainers

@numinit Morgan Jones <me+nixpkgs@numin.it>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@ryantm Ryan Mulligan <ryan@ryantm.com>

Already fixed in unstable and stable branches.

Suggestions search

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

Package maintainers

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

Package maintainers