BIT-mattermost-2022-3257

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2022-3257.json

Aliases

CVE-2022-3257
GHSA-m7w4-q5vg-5xfp

Published

2024-03-06T11:03:00.274Z

Modified

2024-03-06T11:25:28.861Z

Details

Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

References

https://hackerone.com/reports/1620170
https://mattermost.com/security-updates/

Affected packages

Bitnami / mattermost

Package

Name: mattermost

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

7.2.0