CVE-2022-3147 Information

Description

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images which allows authenticated users to cause resource exhaustion on specific system configurations resulting in server-side Denial of Service.

Reference

https://hackerone.com/reports/1549513 https://mattermost.com/security-updates/