CVE-2021-32832: ReDOS in Rocket.Chat
First published: Mon Aug 30 2021(Updated: )
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rocket.Chat Rocket.Chat | <3.11.3 | |
| Rocket.Chat Rocket.Chat | >=3.12.0<3.12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- agent/remedy
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/rocket.chat
- canonical/rocket.chat rocket.chat
- version/rocket.chat rocket.chat/3.12.0