GHSA-gwpf-95jc-63rv

Source

https://github.com/advisories/GHSA-gwpf-95jc-63rv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-gwpf-95jc-63rv/GHSA-gwpf-95jc-63rv.json

Aliases

Published

2022-06-03T00:00:41Z

Modified

2023-12-06T01:01:53.852903Z

Details

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

References

Affected packages

Go / github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

6.6.0

Fixed

6.6.1

Go / github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

6.5.0

Fixed

6.5.1

Go / github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

6.4.0

Fixed

6.4.3

Go / github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

5.0.0

Fixed

6.3.8