Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. CreditsDoyenSecReferenceshttps://mattermost.com/security-updates