x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604

julieqiu · 2022-08-01T18:14:55Z

In GitHub Security Advisory GHSA-hv5f-73mr-7vvj, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server/v5	5.39	< 5.39

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/mattermost/mattermost-server/v5
    versions:
      - fixed: 5.39.0
description: Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard
    contents, which allows a user-assisted attacker to inject arbitrary web script
    in product deployments that explicitly disable the default CSP.
published: 2021-09-23T23:11:06Z
last_modified: 2021-10-06T13:08:14Z
cves:
  - CVE-2021-37860
ghsas:
  - GHSA-hv5f-73mr-7vvj
links:
    context:
      - https://github.com/advisories/GHSA-hv5f-73mr-7vvj

The text was updated successfully, but these errors were encountered:

rolandshoemaker · 2022-08-03T18:17:11Z

Vuln in tool.

gopherbot · 2024-06-14T19:51:32Z

Change https://go.dev/cl/592769 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:35:51Z

Change https://go.dev/cl/607221 mentions this issue: data/reports: unexclude 20 reports (19)

- data/reports/GO-2022-0573.yaml - data/reports/GO-2022-0576.yaml - data/reports/GO-2022-0577.yaml - data/reports/GO-2022-0578.yaml - data/reports/GO-2022-0579.yaml - data/reports/GO-2022-0580.yaml - data/reports/GO-2022-0583.yaml - data/reports/GO-2022-0584.yaml - data/reports/GO-2022-0585.yaml - data/reports/GO-2022-0590.yaml - data/reports/GO-2022-0591.yaml - data/reports/GO-2022-0593.yaml - data/reports/GO-2022-0595.yaml - data/reports/GO-2022-0597.yaml - data/reports/GO-2022-0599.yaml - data/reports/GO-2022-0600.yaml - data/reports/GO-2022-0602.yaml - data/reports/GO-2022-0604.yaml - data/reports/GO-2022-0606.yaml - data/reports/GO-2022-0608.yaml Updates #573 Updates #576 Updates #577 Updates #578 Updates #579 Updates #580 Updates #583 Updates #584 Updates #585 Updates #590 Updates #591 Updates #593 Updates #595 Updates #597 Updates #599 Updates #600 Updates #602 Updates #604 Updates #606 Updates #608 Change-Id: Ia252601b7fb2d97b5dfa7d95d14ebbb1b9cc0459 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607221 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>

julieqiu assigned rolandshoemaker Aug 3, 2022

rolandshoemaker added the NotGoVuln label Aug 3, 2022

rolandshoemaker closed this as completed Aug 3, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 10, 2022

GoVulnBot mentioned this issue Sep 27, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164

Closed

This was referenced Oct 29, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762v-rq7q-ff97 #3234

Closed

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-g376-m3h3-mj4r #3235

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604

julieqiu commented Aug 1, 2022

rolandshoemaker commented Aug 3, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604

Comments

julieqiu commented Aug 1, 2022

rolandshoemaker commented Aug 3, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024