Resource exhaustion in Mattermost

GHSA-f37q-q7p2-ccfc · BIT-mattermost-2022-1337 · CVE-2022-1337 · GO-2022-0595

Published Apr 14, 2022 · Modified Aug 21, 2024

Description

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-1337
PACKAGE https://github.com/mattermost/mattermost-server
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes