CVE-2017-18892: Mattermost Server does not neutralize HTML content in an Email template field
(updated )
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
References
- github.com/advisories/GHSA-wj5w-qghh-gvqp
- github.com/mattermost/mattermost
- github.com/mattermost/mattermost/commit/4e05fbffed4d7ad75c0bb55d67d2c6f7cf9eaad6
- github.com/mattermost/mattermost/commit/d76946bdb545aba4088943fc523dabb459d22873
- github.com/mattermost/mattermost/commit/f5167f3ba645b829f4c28530e13be6c3db967255
- mattermost.com/security-updates
- nvd.nist.gov/vuln/detail/CVE-2017-18892
Code Behaviors & Features
Detect and mitigate CVE-2017-18892 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →