Unrated severityNVD Advisory· Published Aug 30, 2021· Updated Aug 3, 2024

ReDOS in Rocket.Chat

CVE-2021-32832

Description

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.

Affected products

RocketChat/Rocket.chatv5
Range: < 3.11.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.rocket.chat/guides/security/security-updatesmitrex_refsource_MISC
github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094cmitrex_refsource_MISC
github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3mitrex_refsource_MISC
securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000