CVE-2023-5196: Mattermost Uncontrolled Resource Consumption vulnerability

September 29, 2023

Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.

References

github.com/advisories/GHSA-33r7-wjfc-7w98
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-5196

Detect and mitigate CVE-2023-5196 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →