Mattermost Mobile app versions 2.13.0 and previous versions use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote malicious user to freeze or crash the app via a long maliciously crafted link.