Denial of Service via specially crafted block fields in Mattermost Boards

Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

未加控制的资源消耗(资源穷尽)

Mattermost 资源管理错误漏洞

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 存在安全漏洞，该漏洞源于无法正确限制 Mattermost Boards 中块的不同字段中允许的字符，从而允许攻击者通过使用特制字符串修补块的字段来消耗过多的资源，可能导致拒绝服务。

N/A

N/A