Mattermost · Mattermost · CVE-2026-4054
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 11.5.0 through 11.5.1
Mattermost versions 10.11.0 through 10.11.13
Mattermost versions 11.4.0 through 11.4.3
**Description**
Failure to validate the response body of proxied images allows a remote attacker to cause a client-side Denial of Service (DoS). This occurs when an SVG file is served from an attacker-controlled origin using a non-SVG Content-Type header, such as 'image/png', and is embedded within an `og:image` meta tag or a Markdown image link.
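The missing check, sketched as an added example (not Mattermost's code or its actual fix): a proxy compares the declared Content-Type against what the response body's leading bytes sniff as, so SVG markup labelled `image/png` is rejected before it reaches the client. The helper name `validateProxiedImage`, the raster allowlist and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
)

// rasterTypes (assumed policy) lists declared types that magic-byte
// sniffing can confirm; anything else, including SVG, is refused.
var rasterTypes = map[string]bool{
	"image/png": true, "image/jpeg": true, "image/gif": true,
	"image/webp": true, "image/bmp": true,
}

// validateProxiedImage is a hypothetical helper: it returns an error when
// the body does not match the Content-Type the upstream origin declared.
func validateProxiedImage(declared string, body []byte) error {
	mediaType, _, err := mime.ParseMediaType(declared)
	if err != nil {
		return fmt.Errorf("unparseable Content-Type %q: %w", declared, err)
	}
	if !rasterTypes[mediaType] {
		return fmt.Errorf("declared type %q is not an allowed raster type", mediaType)
	}
	// DetectContentType inspects at most the first 512 bytes and has no SVG
	// signature, so SVG/XML markup is reported as text/xml or text/plain.
	sniffed := http.DetectContentType(body)
	if sniffed != mediaType {
		return fmt.Errorf("declared %q but body sniffs as %q", mediaType, sniffed)
	}
	return nil
}

func main() {
	// Constructed samples: a PNG signature and a minimal SVG document.
	png := []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	svg := []byte(`<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>`)
	fmt.Println(validateProxiedImage("image/png", png)) // <nil>
	fmt.Println(validateProxiedImage("image/png", svg)) // mismatch error
}
```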
**Recommendations**
Update versions 11.5.0 through 11.5.1 to a newer version.
Update versions 10.11.0 through 10.11.13 to a newer version.
Update versions 11.4.0 through 11.4.3 to a newer version.