CVE-2022-1982

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1982

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1982.json

Aliases

BIT-mattermost-2022-1982
GHSA-gwpf-95jc-63rv

Published

2022-06-02T18:15:08Z

Modified

2023-12-06T01:01:53.852903Z

Details

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

86a797bc64e7448dbfaa670ed6b8fd7b437e97c3

Fixed

546344be9c73c865678f9ecb6ebfa51b4cb4af9d

Introduced

85a75526c7c03fca1d14a39cfb3f2638d98d3fe1

Affected versions

v6.*

v6.4.0

v6.4.1

v6.4.2