Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint
Vulnerability Description
Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Mattermost Plugins 安全漏洞
Vulnerability Description
Mattermost Plugins是美国Mattermost公司的一个插件,提供强大的功能延伸和与服务器和网络/桌面应用程序都紧密整合。 Mattermost Plugins 2.3.1及之前版本存在安全漏洞,该漏洞源于未能限制/lifecycle Webhook端点上的请求主体大小,可能导致经过身份验证的攻击者通过发送过大的JSON有效载荷引发内存耗尽和拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A