Nixpkgs security tracker

Untriaged

Permalink CVE-2025-14822

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 3 months ago

DoS from quadratic complexity in model.ParseHashtags

Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens

References

https://mattermost.com/security-updates

Affected products

Mattermost

=<10.11.8
==10.11.9
==11.2.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.5.9
- nixpkgs-unstable 10.5.9
- nixos-unstable-small 10.5.9
nixos-25.11 10.11.9
- nixpkgs-25.11-darwin 10.11.9

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.10.1
- nixpkgs-unstable 10.10.1
- nixos-unstable-small 10.10.1
nixos-25.11 11.2.1
- nixpkgs-25.11-darwin 11.2.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 5.12.1
- nixpkgs-unstable 5.12.1
- nixos-unstable-small 5.12.1
nixos-25.11 5.13.1
- nixpkgs-25.11-darwin 5.13.1

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver