The vulnerability stems from insufficient validation during zip archive extraction in board imports. The advisory does not name the affected function, but any board import path must contain a routine that opens the uploaded archive and inflates its entries. The classic zip bomb targets exactly such routines: an archive that is small on the wire expands to many times its size, and an extractor that never bounds the decompressed byte count (or the number of entries) lets the uploader dictate how much memory or disk the server consumes. Confidence in this characterization is high because:

1. The vulnerability description explicitly mentions zip bomb attacks during board imports.
2. The CWE-400 classification (Uncontrolled Resource Consumption) matches the zip bomb pattern.
3. The affected components all belong to Mattermost's board handling infrastructure.
4. The patched versions most plausibly add decompressed-size validation to the extraction path, although the advisory does not describe the fix itself.
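As an added illustration, not code from Mattermost or from the advisory, the Go program below builds a constructed archive that inflates to 4 MiB from a few kilobytes, then contrasts an extractor that inflates entries without any limit against one that enforces an entry-count and total-decompressed-byte budget. The entry name board.json, the budget values, and the function and error names are assumptions made for the example; the Mattermost code path and its real limits are not known from the advisory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var (
	ErrArchiveTooLarge = errors.New("archive exceeds decompressed size budget")
	ErrTooManyEntries  = errors.New("archive has too many entries")
)

// makeCompressibleZip builds an in-memory archive (constructed test input) whose one
// entry is n zero bytes; deflate collapses the run so the upload is a few KiB.
func makeCompressibleZip(n int) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, err := zw.Create("board.json") // hypothetical entry name
	if err != nil {
		panic(err)
	}
	if _, err = w.Write(bytes.Repeat([]byte{0}, n)); err != nil {
		panic(err)
	}
	if err = zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// extractUnbounded is the weak pattern: each entry is inflated fully into memory
// with no cap, so the uploader decides how much RAM the server allocates.
func extractUnbounded(archive []byte) (map[string][]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	out := make(map[string][]byte, len(zr.File))
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		data, err := io.ReadAll(rc)
		rc.Close()
		if err != nil {
			return nil, err
		}
		out[f.Name] = data
	}
	return out, nil
}

// extractBounded caps the entry count and the total inflated bytes. The header's
// UncompressedSize64 is attacker-controlled, so it only serves as an early reject;
// the budget is enforced on the bytes actually inflated via a LimitReader.
func extractBounded(archive []byte, maxTotal int64, maxEntries int) (map[string][]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	if len(zr.File) > maxEntries {
		return nil, ErrTooManyEntries
	}
	remaining := maxTotal
	out := make(map[string][]byte, len(zr.File))
	for _, f := range zr.File {
		if f.UncompressedSize64 > uint64(remaining) {
			return nil, ErrArchiveTooLarge
		}
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		// Read one byte past the budget so an overrun is detected, not silently truncated.
		data, err := io.ReadAll(io.LimitReader(rc, remaining+1))
		rc.Close()
		if err != nil {
			return nil, err
		}
		if int64(len(data)) > remaining {
			return nil, ErrArchiveTooLarge
		}
		remaining -= int64(len(data))
		out[f.Name] = data
	}
	return out, nil
}

func main() {
	archive := makeCompressibleZip(4 << 20) // 4 MiB inflated, a few KiB on the wire
	fmt.Printf("upload size: %d bytes\n", len(archive))
	_, err := extractBounded(archive, 1<<20, 64) // hypothetical 1 MiB total / 64 entry budget
	fmt.Println("bounded extraction:", err)
}
```

The declared size in the central directory is part of the attacker's upload, so the early reject on UncompressedSize64 is a convenience rather than the defense; the streaming check on bytes actually inflated is what bounds allocation. The same budget should be applied to bytes written to disk when an import unpacks to a temporary directory instead of memory, and the entry-count cap matters because many tiny entries exhaust file descriptors and inodes without ever tripping a byte limit.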
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8 | go | >= 9.1.0, < 9.1.1 | 9.1.1 |
| github.com/mattermost/mattermost/server/v8 | go | >= 9.0.0, < 9.0.2 | 9.0.2 |
| github.com/mattermost/mattermost/server/v8 | go | < 8.1.4 | 8.1.4 |
| github.com/mattermost/mattermost-server/v6 | go | < 7.8.13 | 7.8.13 |