CVE-2019-20860
MEDIUMMattermost Server < 5.14.0, < 5.13.3, < 5.12.6, < 5.9.4 - Denial of Service via Crafted SVG Document
Title source: llmDescription
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://mattermost.com/security-updates/
Scores
CVSS v3
5.5
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
Status
published
Products (2)
mattermost/mattermost_server
5.14.0 rc1 (5 CPE variants)
mattermost/mattermost_server
< 5.9.4
Published
Jun 19, 2020
Tracked Since
Feb 18, 2026