CVE-2023-5969

Mattermost vulnerable to excessive memory consumption in go/github.com/mattermost/mattermost-server/v6

Identifiers

GHSA-w496-f5qq-m58j, CVE-2023-5969

Package Slug

go/github.com/mattermost/mattermost-server/v6

Vulnerability

Mattermost vulnerable to excessive memory consumption

Description

Mattermost fails to properly sanitize requests to /api/v4/redirectlocation. An attacker who sends a specially crafted request to this endpoint can fill up the server's memory, because large items are cached.
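The failure mode described above is a cache that stores entries whose size the requester controls. As an added illustration (not Mattermost's code and not its actual fix), the Go sketch below shows a cache that refuses oversized entries and evicts the least recently used ones to stay within a byte budget. The type name, limits and sample keys are assumptions, and only the store path is shown.

```go
package main

import (
	"container/list"
	"fmt"
	"strings"
)

// Constructed limits for illustration; not values taken from Mattermost.
const maxEntryBytes, maxTotalBytes = 2048, 8192

type entry struct{ key, val string }

// BoundedCache is a byte-budgeted LRU cache (hypothetical type).
type BoundedCache struct {
	order *list.List // front = most recently used
	items map[string]*list.Element
	used  int // bytes currently held (keys + values)
}

func NewBoundedCache() *BoundedCache {
	return &BoundedCache{order: list.New(), items: map[string]*list.Element{}}
}

// Put reports whether val was stored; entries over maxEntryBytes are refused.
func (c *BoundedCache) Put(key, val string) bool {
	size := len(key) + len(val)
	if size > maxEntryBytes {
		return false
	}
	if el, ok := c.items[key]; ok {
		c.remove(el) // replacing: release the old entry's bytes first
	}
	c.items[key] = c.order.PushFront(entry{key, val})
	for c.used += size; c.used > maxTotalBytes; {
		c.remove(c.order.Back()) // evict least recently used
	}
	return true
}

func (c *BoundedCache) remove(el *list.Element) {
	e := c.order.Remove(el).(entry)
	delete(c.items, e.key)
	c.used -= len(e.key) + len(e.val)
}

func main() {
	c := NewBoundedCache()
	fmt.Println(c.Put("u", "loc"), c.Put(strings.Repeat("x", 4096), "")) // true false
}
```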

Affected Versions

All versions before 7.8.12

Solution

Upgrade to version 7.8.12 or above.

Last Modified

2023-11-09
