CVE-2023-48268

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-48268

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48268.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-48268

Aliases

GHSA-j4c3-3h73-74m9

Related

Published

2023-11-27T10:15:08Z

Modified

2024-09-03T04:37:00.776986Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

90f502dc2dc80ee25cfb7d7bc3e743b53564a5a7

Last affected

4fe1024a51f22f239c19c33838dbdcf7589b7b94

Last affected

5934ff113becf755beb978cc7bd1ba6564cbbdd6

Introduced

987e843629fe3f11861fda23ceb66884f5973ef1

Last affected

77f094c7ee8c7a00be01c2df72f948a62c690b66

Affected versions

@mattermost/client@9.*

@mattermost/client@9.0.0

@mattermost/types@9.*

@mattermost/types@9.0.0

v9.*

v9.0.0

v9.0.0-rc2

v9.0.1

v9.0.1-rc1