← back
CVE-2021-32832

ReDOS in Rocket.Chat

CVSS 4.3 MEDIUMEPSS 1.6%CWE-400
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected products
RocketChat · Rocket.Chat

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.rocket.chat/guides/security/security-updateshttps://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094chttps://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/