x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-p2wq-4ggp-45f3

[GoVulnBot]

In GitHub Security Advisory GHSA-p2wq-4ggp-45f3, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server	9.6.1	>= 9.6.0-rc1, <= 9.6.0

Cross references:

• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.6.1", vuln range ">= 9.6.0-rc1, <= 9.6.0")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.5.3", vuln range ">= 9.5.0, <= 9.5.2")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "8.1.12", vuln range ">= 8.1.0, <= 8.1.11")
      packages:
        - package: github.com/mattermost/mattermost-server
summary: Mattermost fails to limit the size of a request path in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-22091
ghsas:
    - GHSA-p2wq-4ggp-45f3
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-22091
    - web: https://mattermost.com/security-updates
    - fix: https://github.com/mattermost/mattermost/commit/13049d8b16b195f98246dff4812b5f64c1e5a627
    - fix: https://github.com/mattermost/mattermost/commit/49e7c477246e31c7a0bd85c1043599121755b260
    - fix: https://github.com/mattermost/mattermost/commit/54478f2ccbc6c4f110706966adfe0db2c16a566c
    - fix: https://github.com/mattermost/mattermost/commit/f6d320017549ec66efb5fdd4bc10b66ab36abb70
    - advisory: https://github.com/advisories/GHSA-p2wq-4ggp-45f3
source:
    id: GHSA-p2wq-4ggp-45f3

[gopherbot]

Change https://go.dev/cl/582536 mentions this issue: data/reports: update GO-2024-2796.yaml

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[gopherbot]

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports