CVE-2023-40703: Uncontrolled Resource Consumption

November 27, 2023 (updated November 28, 2023)

Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string.

References

github.com/advisories/GHSA-c37r-v8jx-7cv2
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-40703

Code Behaviors & Features

Detect and mitigate CVE-2023-40703 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →