CVE-2022-3257
published 2022-09-23CVE-2022-3257: Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server_v6 | >= 7.1.0 < 7.2.0 | 7.2.0 |
| mattermost | mattermost | unspecified – 7.1.x | — |
| mattermost | mattermost_server | < 7.2.0 | 7.2.0 |