PT-2021-19964 · Unknown · Rocket.Chat

Erik Krogh Kristensen

Published

2021-08-30

Updated

2021-09-08

CVE-2021-32832

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 3.11.3 Rocket.Chat versions prior to 3.12.2 Rocket.Chat versions prior to 3.13

Description The issue is related to certain regular expressions in Rocket.Chat, which could potentially lead to Denial of Service. Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript.

Recommendations For versions prior to 3.11.3, update to version 3.11.3 or later. For versions prior to 3.12.2, update to version 3.12.2 or later. For versions prior to 3.13, update to version 3.13 or later.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2021-32832

Affected Products

Rocket.Chat

PT-2021-19964 · Unknown · Rocket.Chat

CVE-2021-32832

Weakness Enumeration

Related Identifiers

Affected Products

References · 7