Skip to content

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp#1028
Labels
excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.
@GoVulnBot

Description

@GoVulnBot
GoVulnBot
opened on Sep 28, 2022

In GitHub Security Advisory GHSA-m7w4-q5vg-5xfp, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
https://pkg.go.dev/github.com/mattermost/mattermost-server/v6 7.2.0 >= 7.1.0, < 7.2.0

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: 7.1.0
        fixed: 7.2.0
    packages:
      - package: https://pkg.go.dev/github.com/mattermost/mattermost-server/v6
description: Mattermost version 7.1.x and earlier fails to sufficiently process a
    specifically crafted GIF file when it is uploaded while drafting a post, which
    allows authenticated users to cause resource exhaustion while processing the file,
    resulting in server-side Denial of Service.
cves:
  - CVE-2022-3257
ghsas:
  - GHSA-m7w4-q5vg-5xfp

Metadata

Metadata

Assignees

No one assigned

    Labels

    excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions