Mattermost · Mattermost · CVE-2022-1337
Name of the Vulnerable Software and Affected Versions:
Mattermost versions 6.4.1 and earlier
Description:
The image proxy component is vulnerable to resource exhaustion. An authenticated attacker can crash the server by linking to very large image files, because the server allocates memory for multiple copies of each proxied image.
Recommendations:
For Mattermost versions 6.4.1 and earlier, consider disabling the image proxy component as a temporary workaround until a patch is available. Restrict access to large image files to minimize the risk of exploitation.
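The general defence against this class of bug is to stream the proxied body under a hard size cap instead of buffering whole copies. The Go sketch below is an added example, not Mattermost's code or its patch; `CheckDeclaredSize`, `CopyCapped`, `ErrTooLarge` and the cap values are hypothetical names and constructed inputs.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// ErrTooLarge is a hypothetical error for this sketch.
var ErrTooLarge = errors.New("proxied image exceeds size cap")

// CheckDeclaredSize rejects an upstream response whose Content-Length is
// already over the cap, before any body byte is read. -1 means unknown.
func CheckDeclaredSize(resp *http.Response, max int64) error {
	if resp.ContentLength > max {
		return ErrTooLarge
	}
	return nil
}

// CopyCapped streams at most max bytes from src to dst through io.Copy's
// small fixed buffer, so memory use does not grow with the image size.
// It returns ErrTooLarge if the body continues past the cap.
func CopyCapped(dst io.Writer, src io.Reader, max int64) (int64, error) {
	n, err := io.CopyN(dst, src, max)
	if err == io.EOF {
		return n, nil // body ended below the cap
	}
	if err != nil {
		return n, err
	}
	// Exactly max bytes copied: probe one more byte to detect an oversized body.
	var probe [1]byte
	if m, _ := io.ReadFull(src, probe[:]); m == 1 {
		return n, ErrTooLarge
	}
	return n, nil
}

func main() {
	// Constructed input: a 10-byte body checked against caps of 16 and 4 bytes.
	for _, max := range []int64{16, 4} {
		var sink strings.Builder
		n, err := CopyCapped(&sink, strings.NewReader("0123456789"), max)
		fmt.Println(max, n, err)
	}
}
```

The declared-size check alone is not sufficient, since an upstream server can omit or misstate `Content-Length`; the capped copy enforces the limit on the bytes actually received.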