CVE-2022-1982

Uncontrolled Resource Consumption in go/github.com/mattermost/mattermost-server

Identifiers

GHSA-gwpf-95jc-63rv, CVE-2022-1982

Package Slug

go/github.com/mattermost/mattermost-server

Vulnerability

Uncontrolled Resource Consumption

Description

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

Affected Versions

All versions starting from 5.0.0 before 6.3.8, all versions starting from 6.4.0 before 6.4.3, all versions starting from 6.5.0 before 6.5.1, all versions starting from 6.6.0 before 6.6.1

Solution

Upgrade to versions 6.5.1, 6.5.1, 6.6.1, 6.3.8 or above.

Last Modified

2022-06-17
