CVE-2024-28053 – github.com/mattermost/mattermost-server/v5

Package

Manager: go
Name: github.com/mattermost/mattermost-server/v5
Vulnerable Version: >=0 <0.0.0-20240209181221-674f549daf0e

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00056 pctl0.17476

Details

Mattermost Server Resource Exhaustion Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.

Metadata

Created: 2024-03-15T09:30:37Z
Modified: 2024-12-18T19:21:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-qqc8-rv37-79q5/GHSA-qqc8-rv37-79q5.json
CWE IDs: ["CWE-400", "CWE-770"]
Alternative ID: GHSA-qqc8-rv37-79q5
Finding: F067
Auto approve: 1