GHSA-6375-pg5j-8wph
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6375-pg5j-8wph
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-6375-pg5j-8wph/GHSA-6375-pg5j-8wph.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6375-pg5j-8wph
- Aliases
- Published
- 2024-09-25T03:30:36Z
- Modified
- 2024-09-26T21:10:27Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Denial of service in rocket chat message parser
- Details
-
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
- Database specific
{ "nvd_published_at": "2024-09-25T01:15:44Z", "cwe_ids": [ "CWE-400" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-09-25T18:51:16Z" }- References
Affected packages
npm / @rocket.chat/message-parser
Package
- Name
- @rocket.chat/message-parser
- View open source insights on deps.dev
- Purl
- pkg:npm/%40rocket.chat/message-parser