CVE-2021-37865

2022-01-1817:15:08

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

CPENameOperatorVersion
mattermosteq3.7.3
mattermosteq4.10.0-rc4
mattermosteq5.1.0-rc2
mattermosteq5.1.0-rc4
mattermosteqcloud-2020-12-08
mattermosteq6.2.0
mattermosteq5.3.0-rc1
mattermosteq1.1.1
mattermosteq4.7.2-rc3
mattermosteq3.0.0

Name	Operator	Version
mattermost	eq	3.7.3
mattermost	eq	4.10.0-rc4
mattermost	eq	5.1.0-rc2
mattermost	eq	5.1.0-rc4
mattermost	eq	cloud-2020-12-08
mattermost	eq	6.2.0
mattermost	eq	5.3.0-rc1
mattermost	eq	1.1.1
mattermost	eq	4.7.2-rc3
mattermost	eq	3.0.0