Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12bTltLTU3anItNHB4aM4AA5qH
Mattermost fails to limit the number of role names
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.
Permalink: https://github.com/advisories/GHSA-vm9m-57jr-4pxh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12bTltLTU3anItNHB4aM4AA5qH
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-vm9m-57jr-4pxh, CVE-2024-1953
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-1953
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-vm9m-57jr-4pxh
Affected Packages
go:github.com/mattermost/mattermost/server/v8
Dependent packages: 2
Dependent repositories: 1
Affected Version Ranges: < 8.1.9; >= 9.2.0, < 9.2.5; >= 9.3.0, < 9.3.1; >= 9.4.0, < 9.4.2
Fixed in: 8.1.9, 9.2.5, 9.3.1, 9.4.2