Nixpkgs security tracker

Untriaged

Permalink CVE-2025-14435

6.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 3 months ago

Application-Level DoS via infinite re-render loop in user profile handling

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

References

https://mattermost.com/security-updates

Affected products

Mattermost

==11.0.7
=<10.11.8
==11.1.2
==10.11.9
==11.2.0
=<11.1.1
=<11.0.6

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.5.9
- nixpkgs-unstable 10.5.9
- nixos-unstable-small 10.5.9
nixos-25.11 10.11.9
- nixpkgs-25.11-darwin 10.11.9

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.10.1
- nixpkgs-unstable 10.10.1
- nixos-unstable-small 10.10.1
nixos-25.11 11.2.1
- nixpkgs-25.11-darwin 11.2.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 5.12.1
- nixpkgs-unstable 5.12.1
- nixos-unstable-small 5.12.1
nixos-25.11 5.13.1
- nixpkgs-25.11-darwin 5.13.1

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver