Asymmetric denial of service in github.com/mattermost/mattermost-server
Description
Mattermost is vulnerable to DoS due to infinite re-renders on API errors.

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors, which allows authenticated users to cause application-level DoS by triggering unbounded component re-render loops.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| go | github.com/mattermost/mattermost-server | 10.11.9, 11.1.2, 11.0.7 | |
| go | github.com/mattermost/mattermost/server/v8 | 8.0.0-20251210072417-cc6b77b27132 | |
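
To triage a list of deployed versions against the ranges given in the description, the following Go check is an added example, not code from Mattermost or from this advisory. The `Classify` function and its status names are assumptions made for illustration, and it expects the server's release version, not the Go module pseudo-version listed for `server/v8`.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Highest affected patch number per release line, copied from the advisory:
// 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6.
var lastAffectedPatch = map[string]uint64{"10.11": 8, "11.1": 1, "11.0": 6}

type Status string

const (
	Affected  Status = "affected"
	Patched   Status = "patched"    // same release line, above the affected range
	NotListed Status = "not-listed" // release line not named in the advisory
	Invalid   Status = "invalid"    // not plain MAJOR.MINOR.PATCH; check by hand
)

// Classify checks a server release version ("10.11.8" or "v10.11.8").
// Pre-release or build suffixes are reported as Invalid rather than guessed at.
func Classify(version string) Status {
	parts := strings.Split(strings.TrimPrefix(strings.TrimSpace(version), "v"), ".")
	if len(parts) != 3 {
		return Invalid
	}
	var n [3]uint64
	for i, p := range parts {
		v, err := strconv.ParseUint(p, 10, 32) // rejects signs, letters, empty fields
		if err != nil {
			return Invalid
		}
		n[i] = v
	}
	last, ok := lastAffectedPatch[fmt.Sprintf("%d.%d", n[0], n[1])]
	switch {
	case !ok:
		return NotListed
	case n[2] <= last:
		return Affected
	}
	return Patched
}

func main() {
	// Constructed sample inventory, not taken from the advisory.
	for _, v := range []string{"10.11.8", "v10.11.9", "11.0.6", "11.1.2", "9.5.0", "11.1.2-rc1"} {
		fmt.Printf("%-12s %s\n", v, Classify(v))
	}
}
```

A `not-listed` result means only that the advisory does not name that release line; it says nothing about whether that line is affected.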
Aliases
References
1. https://github.com/mattermost/mattermost/commit/613bb616cd62c584a606919e6978688e7b87d81e
2. https://github.com/mattermost/mattermost/commit/9f7629504bc93f79af8d606329c025a687e143cd
3. https://github.com/mattermost/mattermost/commit/cc6b77b271324796b72f1e6b82dba85a86462f9f
4. https://mattermost.com/security-updates