CVE-2024-1402
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Feb 9, 2024
Updated: May 30, 2024
CWE ID 400
Summary
CVE-2024-1402 introduces a vulnerability in Mattermost's handling of custom emoji reactions. The application fails to verify if a reaction exists before adding it to a post, allowing an attacker to send a large number of non-existent custom emojis. This can result in a denial-of-service (DoS) attack on both the mobile app and the server, as the server becomes overloaded when clients attempt to retrieve the affected post.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share