Vulnerability Description
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rocket.Chat | Rocket.Chat | < 3.11.3 |
Related Weaknesses (CWE)
References
- https://docs.rocket.chat/guides/security/security-updatesVendor Advisory
- https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d603051PatchThird Party Advisory
- https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3Release NotesThird Party Advisory
- https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/ExploitThird Party Advisory
- https://docs.rocket.chat/guides/security/security-updatesVendor Advisory
- https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d603051PatchThird Party Advisory
- https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3Release NotesThird Party Advisory
- https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/ExploitThird Party Advisory
FAQ
What is CVE-2021-32832?
CVE-2021-32832 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions coul...
How severe is CVE-2021-32832?
CVE-2021-32832 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32832?
Check the references section above for vendor advisories and patch information. Affected products include: Rocket.Chat Rocket.Chat.