6 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /changes webhook endpoint. An attacker can exhaust system memory by sending an oversized JSON payload. Remediation Upgrade github.com/mattermost/mattermost-plugin-msteams/serv...
Mattermost MS Teams plugin doesn't limit the request body size on the /changes webhook endpoint
Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...
EUVD-2026-20882
Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...
CVE-2026-24661
Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...
CVE-2026-24661 Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint
Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...
PT-2026-31604
Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions less than or equal to 2.1.3.0 Description Mattermost Plugins versions less than or equal to 2.1.3.0 do not limit the request body size on the /changes webhook endpoint. This allows an authenticated attacker to cause...