CVE-2017-18900: Mattermost Server is vulnerable CSV Injection

May 24, 2022 (updated January 12, 2026)

An issue was discovered in Mattermost Server before 4.0.4 and 3.10.3. It allows CSV injection via a compliance report.

References

github.com/advisories/GHSA-8q4v-35v6-g8wr
github.com/mattermost/mattermost
github.com/mattermost/mattermost/commit/eaa598aba901a20c65c52dd1e1b82e7e1dffb962
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2017-18900

Code Behaviors & Features

Detect and mitigate CVE-2017-18900 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →