6.5
CVE-2021-32832
- EPSS 1.62%
- Veröffentlicht 30.08.2021 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:07:50
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginReDOS in Rocket.Chat
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rocket.Chat ≫ Rocket.Chat Version < 3.11.3
Rocket.Chat ≫ Rocket.Chat Version >= 3.12.0 < 3.12.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.62% | 0.73 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3
https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/