CVE-2023-48268: Uncontrolled Resource Consumption

November 27, 2023 (updated November 28, 2023)

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

References

github.com/advisories/GHSA-j4c3-3h73-74m9
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-48268

Detect and mitigate CVE-2023-48268 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →