GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.

**Package**

gomod github.com/mattermost/mattermost-server (Go)

**Affected versions**

< 7.1.4

\>= 7.2.0, < 7.2.1

\>= 7.3.0, < 7.3.1

**Patched versions**

7.1.4

7.2.1

7.3.1

Headline

GHSA-v42f-hq78-8c5m: Denial of service in Mattermost

ghsa: Latest News