Design/Logic Flaw

2022-01-1817:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

CPENameOperatorVersion
mattermostle6.2.0

CPE	Name	Operator	Version
	mattermost	le	6.2.0

References

hackerone.com/reports/1428260

mattermost.com/security-updates/