Go Vulnerability Database

• CVE-2025-4128, GHSA-jwhw-xf5v-qgxc
• Affects: github.com/mattermost/mattermost-server, github.com/mattermost/mattermost-server/v5, and 2 more
• Published: Jun 11, 2025
• Unreviewed

Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server

• CVE-2025-4573, GHSA-4r67-4x4p-fprg
• Affects: github.com/mattermost/mattermost-server, github.com/mattermost/mattermost-server/v5, and 2 more
• Published: Jun 11, 2025
• Unreviewed

Mattermost allows authenticated administrator to execute LDAP search filter injection in github.com/mattermost/mattermost-server

• GHSA-2x5j-vhc8-9cwm
• Affects: github.com/cloudflare/circl
• Published: Jun 11, 2025
• Unreviewed

CIRCL-Fourq: Missing and wrong validation can lead to incorrect results in github.com/cloudflare/circl

• CVE-2025-4673
• Affects: net/http
• Published: Jun 11, 2025

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

• CVE-2025-0913
• Affects: syscall, os
• Published: Jun 11, 2025

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.