Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DoS via Amplified GraphQL Response in Playbooks
Vulnerability Description
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.10.2版本及之前的9.10.x版本,9.11.1版本及之前的9.11.x版本和9.5.9版本及之前的9.5.x版本存在安全漏洞,该漏洞源于无法阻止在 Playbooks 中显示详细的错误消息,这允许攻击者生成大量响应并导致放大的 GraphQL 响应,进而可能通过向 Playbooks 发送特制请求导致应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A