Zammad · Zammad · CVE-2020-10101
**Name of the Vulnerable Software and Affected Versions**
Zammad versions 3.0 through 3.2
**Description**
An issue was discovered where the WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors are not handled, leading to a crash of the service process.
**Recommendations**
For Zammad versions 3.0 through 3.2, as a temporary workaround, consider disabling the WebSocket server until a patch is available. Restrict access to the WebSocket endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.