github.com/mattermost/mattermost/server/channels/app

Direct Vulnerabilities

Known vulnerabilities in the github.com/mattermost/mattermost/server/channels/app package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Time-of-check Time-of-use (TOCTOU) Race Condition	<10.11.13>=11.3.0-rc1 <11.3.3>=11.4.0-rc1 <11.4.3>=11.5.0-rc1 <11.5.1
H Improper Handling of Highly Compressed Data (Data Amplification)	>=10.11.0 <10.11.12>=11.2.0 <11.2.4>=11.3.0 <11.3.2>=11.4.0 <11.4.1
M Incorrect Authorization	>=10.11.0 <10.11.12>=11.2.0 <11.2.4>=11.3.0 <11.3.2>=11.4.0 <11.4.1
M Denial of Service (DoS)	>=10.11.0 <10.11.12>=11.2.0 <11.2.4>=11.3.0 <11.3.2>=11.4.0 <11.4.1
M Cross-site Request Forgery (CSRF)	>=10.11.0 <10.11.11>=11.2.0 <11.2.3>=11.3.0 <11.3.2>=11.4.0 <11.4.1
M Improper Check for Unusual or Exceptional Conditions	<10.11.2>=11.2.0-rc1 <11.2.4>=11.3.0-rc1 <11.3.2>=11.4.0-rc1 <11.4.1
M Incorrect Authorization	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
L Incorrect Authorization	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
M Incorrect Authorization	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
M Incorrect Authorization	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
M Missing Authorization	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
M Memory Allocation with Excessive Size Value	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
M Origin Validation Error	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
M Improper Validation of Specified Type of Input	<10.11.11>=11.2.0-rc1 <11.2.3>=11.3.0-rc1 <11.3.1
M Incorrect Implementation of Authentication Algorithm	>=10.11.0-rc1 <10.11.10>=11.1.0-rc1 <11.1.3>=11.2.0-rc1 <11.2.2
M Missing Authorization	>=10.11.0 <10.11.10>=11.1.0 <11.1.3>=11.2.0 <11.2.2
M Information Exposure	>=10.11.0 <10.11.10>=11.1.0 <11.1.3>=11.2.0 <11.2.2
C Incorrect Implementation of Authentication Algorithm	>=10.5.0 <10.5.13>=10.11.0 <10.11.5>=10.12.0 <10.12.2>=11.0.0-alpha.1 <11.0.3
C Incorrect Implementation of Authentication Algorithm	>=10.5.0 <10.5.13>=10.11.0 <10.11.5>=10.12.0 <10.12.2>=11.0.0-alpha.1 <11.0.4
M Missing Authentication for Critical Function	>=10.5.0 <10.5.12>=10.11.0 <10.11.4-rc2>=10.12.0 <10.12.1
L Incorrect Authorization	<11.0.0-alpha.1
M Incorrect Authorization	<11.0.0-alpha.1
L Authorization Bypass Through User-Controlled Key	>=9.11.0 <9.11.18>=10.5.0 <10.5.9
M Use of Weak Hash	>=9.11.0 <9.11.18>=10.5.0 <10.5.9>=10.8.0 <10.8.4>=10.9.0 <10.9.4>=10.10.0 <10.10.2-rc1
M Incorrect Authorization	>=9.11.0 <9.11.18>=10.5.0 <10.5.9
M Directory Traversal	>=9.11.0 <9.11.17-rc1>=10.5.0 <10.5.8-rc1>=10.7.0 <10.7.4-rc1>=10.8.0 <10.8.2
L Insufficiently Protected Credentials	>=9.11.0 <9.11.17>=10.5.0 <10.5.8-rc1
H Missing Authentication for Critical Function	>=9.11.0 <9.11.17-rc1>=10.5.0 <10.5.7>=10.7.0 <10.7.4-rc1>=10.8.0 <10.8.2
H Incorrect Implementation of Authentication Algorithm	>=9.0.0-rc1 <9.11.13>=10.0.0-rc1 <10.5.4>=10.6.0-rc1 <10.6.3>=10.7.0-rc1 <10.7.1
M Incorrect Implementation of Authentication Algorithm	>=9.0.0-rc1 <9.11.13>=10.0.0-rc1 <10.5.4>=10.6.0-rc1 <10.6.3>=10.7.0-rc1 <10.7.1
M Incorrect Authorization	>=9.11.0 <9.11.12>=10.5.0 <10.5.3
M Overly Restrictive Account Lockout Mechanism	>=9.11.0 <9.11.12>=10.4.0 <10.4.5>=10.5.0 <10.5.3>=10.6.0 <10.6.2
M Incorrect Implementation of Authentication Algorithm	<9.11.10-rc1>=10.4.0-rc1 <10.4.4>=10.5.0-rc1 <10.5.2>=10.6.0-rc1 <10.6.0-rc2
L Exposure of Sensitive Information Through Metadata	>=9.11.0 <9.11.10-rc1>=10.5.0 <10.5.2
M Incorrect Authorization	<9.11.10>=10.4.0 <10.4.4>=10.5.0 <10.5.2
M Incorrect Authorization	<9.11.10>=10.4.0 <10.4.4>=10.5.0 <10.5.2
M Incorrect Authorization	>=9.11.0-rc1 <9.11.10>=10.0.0-rc1 <10.4.4>=10.5.0-rc1 <10.5.2
M Incorrect Authorization	<0.1.10
H Missing Authentication for Critical Function	<9.11.9>=10.3.0-rc1 <10.3.4>=10.4.0-rc1 <10.4.3>=10.5.0-rc1 <10.5.1
M Incorrect Authorization	>=9.11.0-rc1 <9.11.9-rc1>=10.0.0-rc1 <10.5.0-rc3
L Session Fixation	<10.5.0
M Improper Validation of Specified Type of Input	>=9.11.0 <9.11.6>=10.0.0 <10.0.4>=10.1.0-rc1 <10.1.4>=10.2.0 <10.2.1
M Race Condition	>=9.5.0 <9.5.13-rc1>=9.11.0 <9.11.5-rc1>=10.0.0 <10.0.3-rc1>=10.1.0 <10.1.3-rc1
M Incorrect Authorization	<9.9.3
L Improper Access Control	>=9.5.0 <9.5.9
M Improper Check for Unusual or Exceptional Conditions	>=9.5.0-rc1 <9.5.9-rc1>=9.11.0-rc1 <9.11.1-rc1

Vulnerability

Vulnerable Version

Time-of-check Time-of-use (TOCTOU) Race Condition

<10.11.13>=11.3.0-rc1 <11.3.3>=11.4.0-rc1 <11.4.3>=11.5.0-rc1 <11.5.1

Improper Handling of Highly Compressed Data (Data Amplification)

>=10.11.0 <10.11.12>=11.2.0 <11.2.4>=11.3.0 <11.3.2>=11.4.0 <11.4.1

Incorrect Authorization

>=10.11.0 <10.11.12>=11.2.0 <11.2.4>=11.3.0 <11.3.2>=11.4.0 <11.4.1

Denial of Service (DoS)

>=10.11.0 <10.11.12>=11.2.0 <11.2.4>=11.3.0 <11.3.2>=11.4.0 <11.4.1

Cross-site Request Forgery (CSRF)

>=10.11.0 <10.11.11>=11.2.0 <11.2.3>=11.3.0 <11.3.2>=11.4.0 <11.4.1

Improper Check for Unusual or Exceptional Conditions

<10.11.2>=11.2.0-rc1 <11.2.4>=11.3.0-rc1 <11.3.2>=11.4.0-rc1 <11.4.1

Incorrect Authorization