The host is installed with Mattermost version 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 and is prone to an uncontrolled resource consumption vulnerability. A flaw is present in the applications which fails to limit the number of role names requested from the API. Successful exploitation allows an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.