CVE-2022-1337
published 2022-04-13CVE-2022-1337: The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server_v6 | >= 0 < 6.4.2 | 6.4.2 |
| mattermost | mattermost | >= 5.37 < 5.37.9 | 5.37.9 |
| mattermost | mattermost | >= 6.2 < 6.2.5 | 6.2.5 |
| mattermost | mattermost | >= 6.3 < 6.3.5 | 6.3.5 |
| mattermost | mattermost | >= 6.4 < 6.4.2 | 6.4.2 |
| mattermost | mattermost_server | >= 5.37.0 < 5.37.9 | 5.37.9 |
| mattermost | mattermost_server | >= 6.2.0 < 6.2.5 | 6.2.5 |
| mattermost | mattermost_server | >= 6.3.0 < 6.3.5 | 6.3.5 |
| mattermost | mattermost_server | >= 6.4.0 < 6.4.2 | 6.4.2 |