Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02Mzc1LXBnNWotOHdwaM4AA_wF

Denial of service in Rocket.Chat message parser

Rocket.Chat versions 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier are vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.

Permalink: https://github.com/advisories/GHSA-6375-pg5j-8wph
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02Mzc1LXBnNWotOHdwaM4AA_wF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 27 days ago
Updated: 25 days ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-6375-pg5j-8wph, CVE-2024-46935
References: Repository: https://github.com/RocketChat/Rocket.Chat
Blast Radius: 18.4

Affected Packages

npm:@rocket.chat/message-parser
Dependent packages: 6
Dependent repositories: 280
Downloads: 6,756 last month
Affected Version Ranges: < 0.31.30
Fixed in: 0.31.30
All affected versions: 0.23.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.30.1, 0.31.0, 0.31.1, 0.31.2, 0.31.3, 0.31.4, 0.31.5, 0.31.6, 0.31.7, 0.31.8, 0.31.9, 0.31.10, 0.31.11, 0.31.12, 0.31.13, 0.31.14, 0.31.15, 0.31.16, 0.31.17, 0.31.18, 0.31.19, 0.31.20, 0.31.21, 0.31.22, 0.31.23, 0.31.24, 0.31.25, 0.31.26, 0.31.27, 0.31.28, 0.31.29
All unaffected versions: 0.31.30, 0.31.31