Nginx · Nginx · CVE-2022-29169
**Name of the Vulnerable Software and Affected Versions**
BigBlueButton versions prior to 2.3.19
BigBlueButton versions prior to 2.4.7
BigBlueButton versions prior to 2.5.0-beta.2
**Description**
The issue allows regular expression denial of service (ReDoS) attacks. An attacker can cause a denial of service for the bbb-html5 service by using a specific regular expression. The `lookupUserAgent()` function, which processes its input with regular expressions, can be abused by providing a ReDoS payload using the `SmartWatch` variable.
**Recommendations**
For versions prior to 2.3.19, consider disabling Nginx forwarding of requests to the handler, following the directions in the GitHub Security Advisory.
For versions prior to 2.4.7, consider disabling Nginx forwarding of requests to the handler, following the directions in the GitHub Security Advisory.
For versions prior to 2.5.0-beta.2, consider disabling Nginx forwarding of requests to the handler, following the directions in the GitHub Security Advisory.