Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/mattermost/mattermost-server/v6(Go) | 6.0.0 | 7.1.6 | N/A |
| github.com/mattermost/mattermost-server(Go) | 7.7.0 | 7.7.2 | N/A |
| github.com/mattermost/mattermost-server(Go) | 7.1.0 | 7.1.6 | N/A |
| github.com/mattermost/mattermost-server(Go) | 7.8.0 | 7.8.1 | N/A |
| github.com/mattermost/mattermost-server/v5(Go) | 5.0.0 | 7.1.6 | N/A |
| github.com/mattermost/mattermost-server/v6(Go) | 3.3.0 | 7.1.6 | N/A |
CVSS Metrics
