Uncontrolled Resource Consumption ('Resource Exhaustion') Affecting github.com/mattermost/mattermost-server/v6 package, versions *
Threat Intelligence
EPSS
0.05% (18th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERV6-6094985
- published 29 Nov 2023
- disclosed 27 Nov 2023
- credit Unknown
Introduced: 27 Nov 2023
CVE-2023-48268 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
github.com/mattermost/mattermost-server/v6 is an open source, private cloud, Slack-alternative.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the lack of data extraction limits from compressed archives during board import. An attacker can consume excessive resources, potentially leading to a denial of service, by importing a board using a specially crafted zip (zip bomb).
References
CVSS Scores
version 3.1