CVE-2023-5969

Mattermost vulnerable to excessive memory consumption in go/github.com/mattermost/mattermost/server/v8

Identifiers

GHSA-w496-f5qq-m58j, CVE-2023-5969

Package Slug

go/github.com/mattermost/mattermost/server/v8

Vulnerability

Mattermost vulnerable to excessive memory consumption

Description

Mattermost fails to properly sanitize the request to /api/v4/redirectlocation allowing an attacker, sending a specially crafted request to /api/v4/redirectlocation, to fill up the memory due to caching large items.

Affected Versions

All versions starting from 8.0.0 before 8.0.4, all versions starting from 8.1.0 before 8.1.3, version 9.0.0

Solution

Upgrade to versions 8.0.4, 8.1.3, 9.0.1 or above.

Last Modified

2023-11-09

source