github.com/turt2live/matrix-media-repo is vulnerable to denial of service. An attacker could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing, causing the server to exhaust its memory in the process.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/turt2live/matrix-media-repo | le | v1.2.6 |