diff --git a/data/osv/GO-2025-3407.json b/data/osv/GO-2025-3407.json new file mode 100644 index 00000000..8bc97195 --- /dev/null +++ b/data/osv/GO-2025-3407.json @@ -0,0 +1,124 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3407", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2025-20621", + "GHSA-w6xh-c82w-h997" + ], + "summary": "Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server", + "details": "Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "9.11.0+incompatible" + }, + { + "fixed": "9.11.6+incompatible" + }, + { + "introduced": "10.0.0+incompatible" + }, + { + "fixed": "10.0.4+incompatible" + }, + { + "introduced": "10.1.0+incompatible" + }, + { + "fixed": "10.1.4+incompatible" + }, + { + "introduced": "10.2.0+incompatible" + }, + { + "fixed": "10.2.1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost/server/v8", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "8.0.0-20241127161322-25ff7a3779a5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-w6xh-c82w-h997" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20621" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3407", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2025-3407.yaml b/data/reports/GO-2025-3407.yaml new file mode 100644 index 00000000..cd162dcd --- /dev/null +++ b/data/reports/GO-2025-3407.yaml @@ -0,0 +1,35 @@ +id: GO-2025-3407 +modules: + - module: github.com/mattermost/mattermost-server + versions: + - introduced: 9.11.0+incompatible + - fixed: 9.11.6+incompatible + - introduced: 10.0.0+incompatible + - fixed: 10.0.4+incompatible + - introduced: 10.1.0+incompatible + - fixed: 10.1.4+incompatible + - introduced: 10.2.0+incompatible + - fixed: 10.2.1+incompatible + vulnerable_at: 10.2.1-rc1+incompatible + - module: github.com/mattermost/mattermost-server/v5 + vulnerable_at: 5.39.3 + - module: github.com/mattermost/mattermost-server/v6 + vulnerable_at: 6.7.2 + - module: github.com/mattermost/mattermost/server/v8 + versions: + - fixed: 8.0.0-20241127161322-25ff7a3779a5 +summary: Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server +cves: + - CVE-2025-20621 +ghsas: + - GHSA-w6xh-c82w-h997 +references: + - advisory: https://github.com/advisories/GHSA-w6xh-c82w-h997 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-20621 + - web: https://mattermost.com/security-updates +notes: + - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed' +source: + id: GHSA-w6xh-c82w-h997 + created: 2025-01-17T21:15:40.283974488Z +review_status: UNREVIEWED