Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02Mzc1LXBnNWotOHdwaM4AA_wF
Denial of service in rocket chat message parser
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
Permalink: https://github.com/advisories/GHSA-6375-pg5j-8wph
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02Mzc1LXBnNWotOHdwaM4AA_wF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 18 days ago
Updated: 17 days ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-6375-pg5j-8wph, CVE-2024-46935
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-46935
- https://github.com/RocketChat/Rocket.Chat/pull/33227
- https://docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories
- https://github.com/RocketChat/Rocket.Chat/releases/tag/6.12.1
- https://github.com/advisories/GHSA-6375-pg5j-8wph
Blast Radius: 18.4
Affected Packages
npm:@rocket.chat/message-parser
Dependent packages: 6
Dependent repositories: 280
Downloads: 8,355 last month
Affected Version Ranges: < 0.31.30
Fixed in: 0.31.30
All affected versions: 0.23.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.30.1, 0.31.0, 0.31.1, 0.31.2, 0.31.3, 0.31.4, 0.31.5, 0.31.6, 0.31.7, 0.31.8, 0.31.9, 0.31.10, 0.31.11, 0.31.12, 0.31.13, 0.31.14, 0.31.15, 0.31.16, 0.31.17, 0.31.18, 0.31.19, 0.31.20, 0.31.21, 0.31.22, 0.31.23, 0.31.24, 0.31.25, 0.31.26, 0.31.27, 0.31.28, 0.31.29
All unaffected versions: 0.31.30, 0.31.31