GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

GHSA-r7fm-3pqm-ww5w: Chall-Manager's scenario decoding process does not check for zip bombs

GHSA-3gv2-v3jx-r9fh: Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive

GHSA-54xv-94qv-2gfg: @pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation

GHSA-275g-g844-73jh: Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.

**Mattermost did not properly restrict channel creation**

Low severity GitHub Reviewed Published Aug 1, 2024 to the GitHub Advisory Database • Updated Aug 2, 2024

Headline

GHSA-vvpg-55p7-5h8w: Mattermost did not properly restrict channel creation

ghsa: Latest News