Affected by GO-2022-0540
and 18 other vulnerabilities
GO-2022-0540 : Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576 : Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595 : Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599 : Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604 : Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616 : Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2023-1939 : Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
GO-2024-2444 : Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446 : Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448 : Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450 : Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2707 : Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3164 : Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227 : Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232 : Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233 : Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234 : Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235 : Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
GO-2025-3380 : Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server
The highest tagged major version is
v6 .
Discover Packages
github.com/mattermost/mattermost-server
services
httpservice
package
Version:
v5.5.3+incompatible
Opens a new window with list of versions in this module.
Published: Jan 29, 2019
License: AGPL-3.0, Apache-2.0
Opens a new window with license information.
Imports: 8
Opens a new window with list of imports.
Imported by: 86
Opens a new window with list of known importers.
Documentation Source Files Index Constants Variables Functions Types IsReservedIP(ip) NewHTTPClient(enableInsecureConnections, allowHost, allowIP) type DialContextFunction type HTTPService type HTTPServiceImpl MakeHTTPService(configService) (h) Close() (h) MakeClient(trustURLs)
Documentation
¶
View Source
var AddressForbidden error = errors .New ("address forbidden, you may need to set AllowedUntrustedInternalConnections to allow an integration access to your internal network")
NewHTTPClient returns a variation the default implementation of Client.
It uses a Transport with the same settings as the default Transport
but with the following modifications:
shorter timeout for dial and TLS handshake (defined as constant
"connectTimeout")
timeout for the end-to-end request (defined as constant
"requestTimeout")
type HTTPService interface {
MakeClient(trustURLs bool ) *http .Client
Close()
}
Wraps the functionality for creating a new http.Client to encapsulate that and allow it to be mocked when testing
type HTTPServiceImpl struct {
}
Source Files
¶
Click to show internal directories.
Click to hide internal directories.