CVE-2023-48268

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-48268

CGA ID

CGA-5g95-w7p5-52fm

Severity

Unknown

Description

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

References

https://images.chainguard.dev/security/CGA-5g95-w7p5-52fm
https://github.com/advisories/GHSA-j4c3-3h73-74m9
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-48268

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources