x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601
Description
In GitHub Security Advisory GHSA-gwpf-95jc-63rv, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mattermost/mattermost-server | 6.3.8 | >= 5.0.0, < 6.3.8 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/mattermost/mattermost-server
versions:
- introduced: 5.0.0
fixed: 6.3.8
- package: github.com/mattermost/mattermost-server
versions:
- introduced: 6.4.0
fixed: 6.4.3
- package: github.com/mattermost/mattermost-server
versions:
- introduced: 6.5.0
fixed: 6.5.1
- package: github.com/mattermost/mattermost-server
versions:
- introduced: 6.6.0
fixed: 6.6.1
description: Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier
allows an authenticated attacker to crash the server via a crafted SVG attachment
on a post.
published: 2022-06-03T00:00:41Z
last_modified: 2022-06-17T01:01:51Z
cves:
- CVE-2022-1982
ghsas:
- GHSA-gwpf-95jc-63rv
links:
context:
- https://github.com/advisories/GHSA-gwpf-95jc-63rv