Mattermost: Risk from Unrestricted File Uploads

In Mattermost versions 10.1.x up to 10.1.2, 10.0.x up to 10.0.2, 9.11.x up to 9.11.4, and 9.5.x up to 9.5.12 a medium severity vulnerability CVE-2024-54682 was detected. This vulnerability allows attackers to upload specially crafted files (zip bombs) that can overload and crash the system, causing it to stop working properly. To fix this issue, users should upgrade Mattermost to versions 10.1.3, 10.0.3, 9.11.5 and 9.5.13. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-54682.