CVE-2024-2446 Information

Description

Mattermost versions 8.1.x before 8.1.10 9.2.x before 9.2.6 9.3.x before 9.3.2 and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message allowing an authenticated attacker to crash the client applications of other users via large crafted messages.

Reference

https://mattermost.com/security-updates