x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-vx97-8q8q-qgq5

[GoVulnBot]

In GitHub Security Advisory GHSA-vx97-8q8q-qgq5, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server	9.4.5	>= 9.4.0, <= 9.4.4

Cross references:

• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.4.5", vuln range ">= 9.4.0, <= 9.4.4")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.6.1", vuln range ">= 9.6.0-rc1, <= 9.6.0")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.5.3", vuln range ">= 9.5.0, <= 9.5.2")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "8.1.12", vuln range ">= 8.1.0, <= 8.1.11")
      packages:
        - package: github.com/mattermost/mattermost-server
summary: Mattermost's detailed error messages reveal the full file path in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-32046
ghsas:
    - GHSA-vx97-8q8q-qgq5
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-32046
    - web: https://mattermost.com/security-updates
    - fix: https://github.com/mattermost/mattermost/commit/2a48b5b3428cae494452125401e4f72780543ac8
    - fix: https://github.com/mattermost/mattermost/commit/93738756ff79777c6e340c8de63a7b4b0f881d27
    - fix: https://github.com/mattermost/mattermost/commit/aa222c66b799c12e32eeb8eae6f555bf6140375b
    - fix: https://github.com/mattermost/mattermost/commit/c84c25b20c8b8726a2f126ae9370a72498096172
    - advisory: https://github.com/advisories/GHSA-vx97-8q8q-qgq5
source:
    id: GHSA-vx97-8q8q-qgq5

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[gopherbot]

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports