CVE-2024-46935 – @rocket.chat/message-parser
Package
Manager: npm
Name: @rocket.chat/message-parser
Vulnerable Version: >=0 <0.31.30
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00213 (percentile: 0.43843)
Details
Denial of service in Rocket.Chat message parser.
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
Metadata
Created: 2024-09-25T03:30:36Z
Modified: 2024-09-26T21:10:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-6375-pg5j-8wph/GHSA-6375-pg5j-8wph.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-6375-pg5j-8wph
Finding: F002
Auto approve: 1