add go/github.com/mattermost/mattermost-server/CVE-2022-1982.yml to branch

df3cacdc · 🤖 GitLab Bot 🤖 · bfa9a8e3 · df3cacdc
Commit df3cacdc authored 2 years ago by 🤖 GitLab Bot 🤖
--- a/go/github.com/mattermost/mattermost-server/CVE-2022-1982.yml
+++ b/go/github.com/mattermost/mattermost-server/CVE-2022-1982.yml
+---
+identifier: "CVE-2022-1982"
+identifiers:
+- "GHSA-gwpf-95jc-63rv"
+- "CVE-2022-1982"
+package_slug: "go/github.com/mattermost/mattermost-server"
+title: "Uncontrolled Resource Consumption"
+description: "Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier
+  allows an authenticated attacker to crash the server via a crafted SVG attachment
+  on a post."
+date: "2022-06-17"
+pubdate: "2022-06-03"
+affected_range: ">=6.5.0 <6.5.1||>=6.6.0 <6.6.1||>=5.0.0 <6.3.8||>=6.4.0 <6.4.3"
+fixed_versions:
+- "6.5.1"
+- "6.5.1"
+- "6.6.1"
+- "6.3.8"
+affected_versions: "All versions starting from 6.5.0 before 6.5.1, all versions starting
+  from 6.6.0 before 6.6.1, all versions starting from 5.0.0 before 6.3.8, all versions
+  starting from 6.4.0 before 6.4.3"
+not_impacted: "All versions before 6.5.0, all versions starting from 6.5.1 before
+  6.6.0, all versions starting from 6.6.1, all versions before 5.0.0, all versions
+  starting from 6.3.8 before 6.4.0, all versions starting from 6.4.3"
+solution: "Upgrade to versions 6.5.1, 6.5.1, 6.6.1, 6.3.8 or above."
+urls:
+- "https://nvd.nist.gov/vuln/detail/CVE-2022-1982"
+- "https://mattermost.com/security-updates/"
+- "https://github.com/mattermost/mattermost-server/pull/19988"
+- "https://github.com/advisories/GHSA-gwpf-95jc-63rv"
+cvss_v2: "AV:N/AC:L/Au:S/C:N/I:N/A:P"
+cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+uuid: "894752ad-171c-4476-9156-b86d36b455cc"
+cwe_ids:
+- "CWE-1035"
+- "CWE-400"
+- "CWE-937"