CGA-x7wq-jm64-g832

Published

Last updated

https://images.chainguard.dev/security/CGA-x7wq-jm64-g832

Package

mattermost-10.5

RepositoryWolfi

Latest Update

Not affected

Aliases

CVE-2024-1953
GHSA-vm9m-57jr-4pxh

Severity

Unknown

Summary

Mattermost fails to limit the number of role names

Description

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-1953
https://github.com/advisories/GHSA-vm9m-57jr-4pxh
https://github.com/mattermost/mattermost
https://mattermost.com/security-updates
https://pkg.go.dev/vuln/GO-2024-2594

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-x7wq-jm64-g832

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources