CVE-2021-32832

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c", "name": "https://github.com/RocketChat/Rocket.Chat/commit/4a0dce973e37ec3f56ca2231d6030511dbdd094c", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/", "name": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://docs.rocket.chat/guides/security/security-updates", "name": "https://docs.rocket.chat/guides/security/security-updates", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3", "name": "https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-400"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-32832", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2021-08-30T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.11.3"}, {"cpe23Uri": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.12.2", "versionStartIncluding": "3.12.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-09-08T13:42Z"}