CVE-2021-32832

ReDOS in Rocket.Chat

CVSS 4.3 MEDIUMEPSS 1.6%CWE-400

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Produtos afetados

RocketChat · Rocket.Chat

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://docs.rocket.chat/guides/security/security-updates https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3 https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/