Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-10-09T10:41:36.597Z
Updated: 2023-10-09T10:41:36.597Z
Reserved: 2023-10-02T12:25:25.552Z
Link: CVE-2023-5333
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-09T11:15:11.363
Modified: 2023-10-12T18:35:58.290
Link: CVE-2023-5333
JSON object: View
Redhat Information
No data.