CVE-2021-32832

EUVD-2021-19570
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
GitHub_MCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
rocket.chatrocket.chat
𝑥
< 3.11.3
rocket.chatrocket.chat
3.12.0 ≤
𝑥
< 3.12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3
https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3
https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/