{"id":"CVE-2019-20871","details":"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.","modified":"2026-04-10T04:17:14.308788Z","published":"2020-06-19T16:15:10.640Z","references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-server","events":[{"introduced":"0"},{"fixed":"e1b0373e5e3283449f0e40a4b6c59f083da2f16e"},{"introduced":"7e5fda43bda67cd061e527b64046f241c2d6cc32"},{"fixed":"3ff8ae8111f37a601af0a17af95feadc23a8f7ea"},{"introduced":"24f11a12758fe75ce06269be7f9fb7bb790aec43"},{"fixed":"f1414dd14a5d282102a9261ec24c2e6b6a83ffe1"},{"introduced":"0"},{"last_affected":"c25b7fc6484760bd7a608335b49c56f0a52f27ec"},{"introduced":"0"},{"last_affected":"7bdce0de199de6342ae405283a39902817bec5ac"},{"introduced":"0"},{"last_affected":"f0643fd7effede8a64cf84d1dceafa9ee26a5d00"},{"introduced":"0"},{"last_affected":"5ef499caae2bb751438b19151a9fcb4b27830bca"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.10.8"},{"introduced":"5.7.0"},{"fixed":"5.7.3"},{"introduced":"5.8.0"},{"fixed":"5.8.1"},{"introduced":"0"},{"last_affected":"5.9.0-rc1"},{"introduced":"0"},{"last_affected":"5.9.0-rc2"},{"introduced":"0"},{"last_affected":"5.9.0-rc3"},{"introduced":"0"},{"last_affected":"5.9.0-rc4"}]}}],"versions":["v0.5.0","v4.10.0","v4.10.0-rc1","v4.10.0-rc2","v4.10.0-rc3","v4.10.0-rc4","v4.10.0-rc5","v4.10.1","v4.10.1-rc1","v4.10.2","v4.10.2-rc1","v4.10.3","v4.10.3-rc1","v4.10.4","v4.10.4-rc1","v4.10.5","v4.10.5-rc1","v4.10.6","v4.10.6-rc1","v4.10.7","v4.10.7-rc1","v4.2.0-rc1","v4.3.0-rc1","v4.4.0-rc1","v4.5.0-rc1","v4.6.0-rc1","v4.6.0-rc2","v4.7.0-rc1","v4.8.0-rc1","v4.9.0-rc1","v5.7.0","v5.7.0-rc6","v5.7.1","v5.7.1-rc1","v5.7.2","v5.7.2-rc1","v5.8.0","v5.8.0-rc4","v5.8.1-rc1","v5.9.0","v5.9.0-rc1","v5.9.0-rc2","v5.9.0-rc3","v5.9.0-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20871.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}