CVE-2021-32832 Information
Jun 07, 2022
Description
Rocket.Chat is an open-source, fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13, an issue with certain regular expressions could potentially lead to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Reference
https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c
https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
6.5
Base Severity
MEDIUM