Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
References
Link | Resource |
---|---|
https://docs.rocket.chat/guides/security/security-updates | Vendor Advisory |
https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c | Patch Third Party Advisory |
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3 | Release Notes Third Party Advisory |
https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-08-30 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-32832
Mitre link : CVE-2021-32832
CVE.ORG link : CVE-2021-32832
JSON object : View
Products Affected
rocket.chat
- rocket.chat
CWE
CWE-400
Uncontrolled Resource Consumption