GHSA-m7w4-q5vg-5xfp

Source

https://github.com/advisories/GHSA-m7w4-q5vg-5xfp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-m7w4-q5vg-5xfp/GHSA-m7w4-q5vg-5xfp.json

Aliases

• BIT-mattermost-2022-3257
• CVE-2022-3257

Published

2022-09-25T00:00:21Z

Modified

2023-12-06T01:02:21.507277Z

Details

Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-3257
• https://hackerone.com/reports/1620170
• https://github.com/mattermost/mattermost-server
• https://mattermost.com/security-updates