VYPR
Unrated severityNVD Advisory· Published Jul 14, 2022· Updated Dec 6, 2024

Malicious imports can lead to Denial of Service

CVE-2022-2406

Description

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mattermost/Mattermostllm-fuzzy2 versions
    <=6.7.0+ 1 more
    • (no CPE)range: <=6.7.0
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.