Denial of Service via Board Import Zip Bomb

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

未加控制的资源消耗(资源穷尽)

Mattermost 资源管理错误漏洞

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 存在安全漏洞，该漏洞源于无法限制在 Mattermost Boards 中的导入期间从压缩档案中提取的数据量，可能导致拒绝服务。

N/A

N/A