Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post.
CPE | Name | Operator | Version |
---|---|---|---|
mattermost_server | le | 8.1.7 | |
mattermost_server | ge | 9.0.0 | |
mattermost_server | le | 9.1.4 | |
mattermost_server | ge | 9.2.0 | |
mattermost_server | le | 9.2.3 |