Go module
github.com/zefhemel/matterless/mattermost-plugin
check_circle
arrow_drop_downv0.0.0-20211022102217-efefe725395f
Default versionSecurity Advisories
90
In the dependencies
Similar advisories
HTTP/2 Stream Cancellation Attack
5.3 MODERATE·GHSA-qppj-fm5r-hxr3
gRPC-Go HTTP/2 Rapid Reset vulnerability
7.5 HIGH·GHSA-m425-mq94-257g
Similar advisories
Mattermost users could access some sensitive information via API call
6.5 MODERATE·GHSA-7ggc-5r84-xf54
Similar advisories
Improper Control of a Resource Through its Lifetime in Mattermost
4.6 MODERATE·GHSA-fxwj-v664-wv5g
Similar advisories
Mattermost notified all users in the channel when using WebSockets to respond individually
4.3 MODERATE·GHSA-q7rx-w656-fwmv
Similar advisories
Mattermost viewing archived public channels permissions vulnerability
4.3 MODERATE·GHSA-w88v-pjr8-cmv2
Similar advisories
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
9.8 CRITICAL·GHSA-449p-3h89-pw88
Similar advisories
Maliciously crafted Git server replies can cause DoS on go-git clients
7.5 HIGH·GHSA-mw99-9chc-xw7r
Similar advisories
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
7.5 MODERATE·GHSA-8r3f-844c-mc37
Similar advisories
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
9.1 CRITICAL·GHSA-v778-237x-gjrc
Similar advisories
Non-linear parsing of case-insensitive content in golang.org/x/net/html
HIGH·GHSA-w32m-9786-jp63
Similar advisories
go-git clients vulnerable to DoS via maliciously crafted Git server replies
7.5 HIGH·GHSA-r9px-m959-cxf4
Similar advisories
go-git has an Argument Injection via the URL field
9.8 CRITICAL·GHSA-v725-9546-7q7m
Mattermost Uncontrolled Resource Consumption vulnerability
6.5 MODERATE·GHSA-33r7-wjfc-7w98
Mattermost Uncontrolled Resource Consumption vulnerability
5.3 MODERATE·GHSA-3487-3j7c-7gwj
Mattermost Server Missing Authorization vulnerability
4.3 MODERATE·GHSA-455c-vqrf-mghr
Mattermost Open Redirect vulnerability
4.3 MODERATE·GHSA-4ghx-8jw8-p76q
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
5.3 MODERATE·GHSA-63cv-4pc2-4fcf
Mattermost vulnerable to cross-site scripting (XSS)
5.4 MODERATE·GHSA-63f2-6959-2pxj
Mattermost does not validate requesting user permissions before updating admin details
6.7 MODERATE·GHSA-6xjj-v76v-fwpj
Mattermost Injection vulnerability
7.1 HIGH·GHSA-7664-hcp7-f497
Mattermost Incorrect Authorization vulnerability
8.8 HIGH·GHSA-7g2v-2frm-rg94
Mattermost Improper Access Control vulnerability
4.3 MODERATE·GHSA-85jj-c9jr-9jhx
Mattermost Incorrect Authorization vulnerability
6.5 MODERATE·GHSA-9hwp-cj7m-wjw4
Mattermost fails to sanitize post metadata
4.5 MODERATE·GHSA-9rww-66w7-7vjx
Mattermost Uncontrolled Resource Consumption vulnerability
4.3 MODERATE·GHSA-c37r-v8jx-7cv2
Mattermost fails to correctly delete attachments
3.1 LOW·GHSA-g3v6-r8p9-wxg9
Mattermost Incorrect Authorization vulnerability
4.3 MODERATE·GHSA-h69v-mvh9-hfrq
Mattermost Incorrect Authorization vulnerability
2.7 LOW·GHSA-h8wh-f7gw-fwpr
Mattermost Uncontrolled Resource Consumption vulnerability
4.3 MODERATE·GHSA-j4c3-3h73-74m9
Mattermost Injection vulnerability
3.1 LOW·GHSA-jcgv-3pfq-j4hr
Mattermost Improper Access Control vulnerability
4.3 MODERATE·GHSA-jj46-9cgh-qmfx
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
4.3 MODERATE·GHSA-jjr7-372r-cx7x
Mattermost fails to check if user is a guest before performing actions on public playbooks
6.3 MODERATE·GHSA-p267-jjfq-pphf
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
4.3 MODERATE·GHSA-p5pr-vm3j-jxxf
Mattermost password hash disclosure vulnerability
4.9 MODERATE·GHSA-r67m-mf7v-qp7j
Mattermost Incorrect Authorization vulnerability
2.7 LOW·GHSA-rp65-jpc7-8h8p
Mattermost vulnerable to excessive memory consumption
5.3 MODERATE·GHSA-w496-f5qq-m58j
Mattermost denial of service vulnerability
4.3 MODERATE·GHSA-xvq6-h898-wcj8
Dependents
This package has no known dependents.
Package metadata as of .
Links
- Origin
- Repo
Projects
zefhemel/matterless
GitHub
Self-hosted serverless
call_split 3 forks
star 38 stars
OpenSSF scorecard
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
View information about checks and how to fix failures.
Score
2.2/10
Scorecard as of .
Code-Review
0/10
Determines if the project requires human code review before pull requests (aka merge requests) are merged.
Reasoning
Found 0/30 approved changesets -- score normalized to 0
Token-Permissions
0/10
Determines if the project's workflows follow the principle of least privilege.
Reasoning
detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow
10/10
Determines if the project's GitHub Action workflows avoid dangerous patterns.
Reasoning
no dangerous workflow patterns detected
Maintained
0/10
Determines if the project is "actively maintained".
Reasoning
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
SAST
0/10
Determines if the project uses static code analysis.
Reasoning
no SAST tool detected
Binary-Artifacts
10/10
Determines if the project has generated executable (binary) artifacts in the source repository.
Reasoning
no binaries found in the repo
CII-Best-Practices
0/10
Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
Reasoning
no effort to earn an OpenSSF best practices badge detected
Security-Policy
0/10
Determines if the project has published a security policy.
Reasoning
security policy file not detected
Fuzzing
0/10
Determines if the project uses fuzzing.
Reasoning
project is not fuzzed
License
0/10
Determines if the project has defined a license.
Reasoning
license file not detected
Branch-Protection
0/10
Determines if the default and release branches are protected with GitHub's branch protection settings.
Reasoning
branch protection not enabled on development/release branches
Pinned-Dependencies
0/10
Determines if the project has declared and pinned the dependencies of its build process.
Reasoning
dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities
0/10
Determines if the project has open, known unfixed vulnerabilities.
Reasoning
168 existing vulnerabilities detected
Project metadata as of .