CVE-2019-20845: An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.

Affected

3 ranges

Vendor	Product	Version range	Fixed in
mattermost	mattermost_server	< 5.18.0	5.18.0
the_openjpeg_project	openjpeg2	>= 0 < 2.1.2-1.1+deb9u6ubuntu0.1~esm1	2.1.2-1.1+deb9u6ubuntu0.1~esm1
the_openjpeg_project	openjpeg2	>= 0 < 2.3.0-2ubuntu0.1~esm1	2.3.0-2ubuntu0.1~esm1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv6.5MEDIUM