CVE-2021-32832
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RocketChat | Rocket.Chat | < 3.11.3 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
ADP Enrichment
CVE Program Container
Additional References
- https://docs.rocket.chat/guides/security/security-updates
- https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/
- https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3
- https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c
References
- https://docs.rocket.chat/guides/security/security-updates
- https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/
- https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3
- https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.