Incorrect Type Conversion or Cast Affecting github.com/mattermost/mattermost/server/v8 package, versions >=9.11.0 <9.11.6>=10.0.0 <10.0.4>=10.1.0 <10.1.4>=10.2.0 <10.2.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERV8-8631677
- published16 Jan 2025
- disclosed15 Jan 2025
- creditc0rydoras
Introduced: 15 Jan 2025
NewCVE-2025-21088 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade github.com/mattermost/mattermost/server/v8 to version 9.11.6, 10.0.4, 10.1.4, 10.2.1 or higher.
Overview
Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast where an attacker can supply a style of proto to an action's style in post.props.attachments resulting in the webapp crashing.