CVE-2021-32832

Sažetak

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.

Reference

https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c
https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

08-09-2021 - 13:42

Objavljeno

30-08-2021 - 21:15