Vulnerability Details CVE-2022-1337
The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.2%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Products affected by CVE-2022-1337
-
cpe:2.3:a:mattermost:mattermost_server:5.37.0
-
cpe:2.3:a:mattermost:mattermost_server:5.37.1
-
cpe:2.3:a:mattermost:mattermost_server:5.37.2
-
cpe:2.3:a:mattermost:mattermost_server:5.37.3
-
cpe:2.3:a:mattermost:mattermost_server:5.37.4
-
cpe:2.3:a:mattermost:mattermost_server:5.37.5
-
cpe:2.3:a:mattermost:mattermost_server:5.37.6
-
cpe:2.3:a:mattermost:mattermost_server:5.37.7
-
cpe:2.3:a:mattermost:mattermost_server:5.37.8
-
cpe:2.3:a:mattermost:mattermost_server:6.2.0
-
cpe:2.3:a:mattermost:mattermost_server:6.2.1
-
cpe:2.3:a:mattermost:mattermost_server:6.2.2
-
cpe:2.3:a:mattermost:mattermost_server:6.2.3
-
cpe:2.3:a:mattermost:mattermost_server:6.2.4
-
cpe:2.3:a:mattermost:mattermost_server:6.3.0
-
cpe:2.3:a:mattermost:mattermost_server:6.3.1
-
cpe:2.3:a:mattermost:mattermost_server:6.3.2
-
cpe:2.3:a:mattermost:mattermost_server:6.3.3
-
cpe:2.3:a:mattermost:mattermost_server:6.3.4
-
cpe:2.3:a:mattermost:mattermost_server:6.4.0
-
cpe:2.3:a:mattermost:mattermost_server:6.4.1