[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-18891":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":32,"related":33,"reserved_at":9,"published_at":35,"modified_at":36,"state":37,"summary":38,"references_raw":47,"kevs":79,"epss":80,"epss_history":83,"metrics":346,"affected":359},"CVE-2017-18891","An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-601","URL Redirection to Untrusted Site ('Open Redirect')","The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.","weakness","Draft","Base","Low",[20],{"id":21,"name":22,"techniques":23},"CAPEC-178","Cross-Site Flashing",[],[],[26,27],"GHSA-vrh2-rprg-rgc6","GO-2026-4298",[],[30],{"_key":31},"SUSE-SU-2026:0142-1",[],[34],{"_key":31},"2020-06-19T18:08:50.000Z","2024-08-05T21:37:44.282Z","Modified",{"cisa_kev":39,"cisa_ransomware":39,"cisa_vendor":9,"epss_severity":40,"epss_score":41,"severity":42,"severity_score":43,"severity_version":44,"severity_source":45,"severity_vector":46,"severity_status":37},false,"low",0.00197,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[48,55,61,66,71,75],{"url":49,"sources":50,"tags":52},"https://mattermost.com/security-updates/",[51,45],"cve.org",[53,54],"X Refsource CONFIRM","Vendor Advisory",{"url":56,"sources":57,"tags":59},"https://nvd.nist.gov/vuln/detail/CVE-2017-18891",[58],"osv_go",[60],"Advisory",{"url":62,"sources":63,"tags":64},"https://github.com/mattermost/mattermost/pull/7378",[58],[65],"WEB",{"url":67,"sources":68,"tags":69},"https://github.com/mattermost/mattermost",[58],[70],"PACKAGE",{"url":72,"sources":73,"tags":74},"https://mattermost.com/security-updates",[58],[65],{"url":76,"sources":77,"tags":78},"https://github.com/advisories/GHSA-vrh2-rprg-rgc6",[58],[60],[],{"date":81,"score":41,"percentile":82},"2026-06-05",0.41535,[84,87,90,93,96,99,102,105,108,111,114,117,120,123,126,129,132,134,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,187,190,193,196,199,201,204,206,209,211,214,217,220,223,226,229,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,281,284,287,290,293,296,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343],{"date":85,"score":41,"percentile":86},"2025-11-04",0.41897,{"date":88,"score":41,"percentile":89},"2025-11-05",0.41885,{"date":91,"score":41,"percentile":92},"2025-11-06",0.41898,{"date":94,"score":41,"percentile":95},"2025-11-07",0.41924,{"date":97,"score":41,"percentile":98},"2025-11-08",0.41916,{"date":100,"score":41,"percentile":101},"2025-11-09",0.41894,{"date":103,"score":41,"percentile":104},"2025-11-10",0.4186,{"date":106,"score":41,"percentile":107},"2025-11-11",0.41874,{"date":109,"score":41,"percentile":110},"2025-11-12",0.41907,{"date":112,"score":41,"percentile":113},"2025-11-13",0.41921,{"date":115,"score":41,"percentile":116},"2025-11-14",0.41923,{"date":118,"score":41,"percentile":119},"2025-11-15",0.4192,{"date":121,"score":41,"percentile":122},"2025-11-16",0.41908,{"date":124,"score":41,"percentile":125},"2025-11-17",0.41878,{"date":127,"score":41,"percentile":128},"2025-11-18",0.37198,{"date":130,"score":41,"percentile":131},"2025-11-19",0.37205,{"date":133,"score":41,"percentile":128},"2025-11-20",{"date":135,"score":41,"percentile":136},"2025-11-21",0.41875,{"date":138,"score":41,"percentile":139},"2025-11-22",0.41877,{"date":141,"score":41,"percentile":142},"2025-11-23",0.41849,{"date":144,"score":41,"percentile":145},"2025-11-24",0.41839,{"date":147,"score":41,"percentile":148},"2025-11-25",0.41853,{"date":150,"score":41,"percentile":151},"2025-11-26",0.41848,{"date":153,"score":41,"percentile":154},"2025-11-27",0.41852,{"date":156,"score":41,"percentile":157},"2025-11-28",0.41824,{"date":159,"score":41,"percentile":160},"2025-11-29",0.41799,{"date":162,"score":41,"percentile":163},"2025-11-30",0.41777,{"date":165,"score":41,"percentile":166},"2025-12-01",0.41899,{"date":168,"score":41,"percentile":169},"2025-12-02",0.41909,{"date":171,"score":41,"percentile":172},"2025-12-03",0.41911,{"date":174,"score":41,"percentile":175},"2025-12-04",0.41776,{"date":177,"score":41,"percentile":178},"2025-12-05",0.418,{"date":180,"score":41,"percentile":181},"2025-12-06",0.4179,{"date":183,"score":41,"percentile":184},"2025-12-07",0.41769,{"date":186,"score":41,"percentile":175},"2025-12-08",{"date":188,"score":41,"percentile":189},"2025-12-09",0.4181,{"date":191,"score":41,"percentile":192},"2025-12-10",0.4187,{"date":194,"score":41,"percentile":195},"2025-12-11",0.419,{"date":197,"score":41,"percentile":198},"2025-12-12",0.41927,{"date":200,"score":41,"percentile":172},"2025-12-13",{"date":202,"score":41,"percentile":203},"2025-12-14",0.41867,{"date":205,"score":41,"percentile":154},"2025-12-15",{"date":207,"score":41,"percentile":208},"2025-12-16",0.41881,{"date":210,"score":41,"percentile":95},"2025-12-17",{"date":212,"score":41,"percentile":213},"2025-12-18",0.41962,{"date":215,"score":41,"percentile":216},"2025-12-19",0.41976,{"date":218,"score":41,"percentile":219},"2025-12-20",0.41955,{"date":221,"score":41,"percentile":222},"2025-12-21",0.41915,{"date":224,"score":41,"percentile":225},"2025-12-22",0.41888,{"date":227,"score":41,"percentile":228},"2025-12-23",0.41891,{"date":230,"score":41,"percentile":110},"2025-12-24",{"date":232,"score":41,"percentile":233},"2025-12-25",0.41956,{"date":235,"score":41,"percentile":236},"2025-12-26",0.41938,{"date":238,"score":41,"percentile":239},"2025-12-27",0.4195,{"date":241,"score":41,"percentile":242},"2025-12-28",0.41868,{"date":244,"score":41,"percentile":245},"2025-12-29",0.41851,{"date":247,"score":41,"percentile":248},"2025-12-30",0.41842,{"date":250,"score":41,"percentile":251},"2025-12-31",0.41887,{"date":253,"score":41,"percentile":254},"2026-01-01",0.42021,{"date":256,"score":41,"percentile":257},"2026-01-02",0.41996,{"date":259,"score":41,"percentile":260},"2026-01-03",0.41986,{"date":262,"score":41,"percentile":263},"2026-01-04",0.41829,{"date":265,"score":41,"percentile":266},"2026-01-05",0.41804,{"date":268,"score":41,"percentile":269},"2026-01-06",0.41806,{"date":271,"score":41,"percentile":272},"2026-01-07",0.41828,{"date":274,"score":41,"percentile":275},"2026-01-08",0.41856,{"date":277,"score":41,"percentile":278},"2026-01-09",0.41838,{"date":280,"score":41,"percentile":278},"2026-01-10",{"date":282,"score":41,"percentile":283},"2026-01-11",0.41807,{"date":285,"score":41,"percentile":286},"2026-01-12",0.41759,{"date":288,"score":41,"percentile":289},"2026-01-13",0.41736,{"date":291,"score":41,"percentile":292},"2026-01-14",0.41785,{"date":294,"score":41,"percentile":295},"2026-01-15",0.41778,{"date":297,"score":41,"percentile":160},"2026-01-16",{"date":299,"score":41,"percentile":300},"2026-01-17",0.41773,{"date":302,"score":41,"percentile":303},"2026-01-18",0.41741,{"date":305,"score":41,"percentile":306},"2026-01-19",0.41708,{"date":308,"score":41,"percentile":309},"2026-01-20",0.41695,{"date":311,"score":41,"percentile":312},"2026-01-21",0.41696,{"date":314,"score":41,"percentile":315},"2026-01-22",0.4169,{"date":317,"score":41,"percentile":318},"2026-01-23",0.4175,{"date":320,"score":41,"percentile":321},"2026-01-24",0.4176,{"date":323,"score":41,"percentile":324},"2026-01-25",0.41707,{"date":326,"score":41,"percentile":327},"2026-01-26",0.41664,{"date":329,"score":41,"percentile":330},"2026-01-27",0.41662,{"date":332,"score":41,"percentile":333},"2026-01-28",0.41657,{"date":335,"score":41,"percentile":336},"2026-01-29",0.41638,{"date":338,"score":41,"percentile":339},"2026-01-30",0.41646,{"date":341,"score":41,"percentile":342},"2026-01-31",0.41651,{"date":344,"score":41,"percentile":345},"2026-02-01",0.41761,[347,357],{"source":45,"cvss_v2_0":348,"cvss_v3_0":9,"cvss_v3_1":353,"cvss_v4_0":9},{"baseScore":349,"baseSeverity":9,"vectorString":350,"impactScore":351,"exploitabilityScore":352},5.8,"AV:N/AC:M/Au:N/C:P/I:P/A:N",4.9,8.6,{"baseScore":43,"baseSeverity":354,"vectorString":46,"impactScore":355,"exploitabilityScore":356},"MEDIUM",4.5,7.2,{"source":58,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":358,"cvss_v4_0":9},{"baseScore":43,"baseSeverity":9,"vectorString":46,"impactScore":355,"exploitabilityScore":356},[360,386],{"ecosystem":361,"name":362,"vendor":363,"product":364,"cpe_part":9,"purl_type":365,"purl_namespace":363,"purl_name":364,"source":9,"versions":366},"Go","github.com/mattermost/mattermost-server","github.com/mattermost","mattermost-server","golang",[367,375,378,382],{"version":368,"is_range":369,"range_type":370,"version_start":371,"version_start_type":372,"version_end":373,"version_end_type":374,"fixed_in":9},"gte4_2_0_rc1+incompatible_lt4_2_0+incompatible",true,"semver","4.2.0-rc1+incompatible","including","4.2.0+incompatible","excluding",{"version":376,"is_range":369,"range_type":370,"version_start":9,"version_start_type":9,"version_end":377,"version_end_type":374,"fixed_in":9},"lt4_0_5","4.0.5",{"version":379,"is_range":369,"range_type":370,"version_start":380,"version_start_type":372,"version_end":381,"version_end_type":374,"fixed_in":9},"gte4_1_0_lt4_1_1","4.1.0","4.1.1",{"version":383,"is_range":369,"range_type":370,"version_start":384,"version_start_type":372,"version_end":385,"version_end_type":374,"fixed_in":9},"gte4_2_0_rc1_lt4_2_0","4.2.0-rc1","4.2.0",{"ecosystem":9,"name":387,"vendor":388,"product":389,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":391},"mattermost server","mattermost","mattermost_server","a",[392,395,397,399,401,403],{"version":393,"is_range":369,"range_type":394,"version_start":9,"version_start_type":9,"version_end":377,"version_end_type":374,"fixed_in":9},"lt4.0.5","cpe",{"version":396,"is_range":369,"range_type":394,"version_start":380,"version_start_type":372,"version_end":381,"version_end_type":374,"fixed_in":9},"gte4.1.0_lt4.1.1",{"version":398,"is_range":39,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc1",{"version":400,"is_range":39,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc2",{"version":402,"is_range":39,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc3",{"version":404,"is_range":39,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc4"]