CVE-2024-46935: Denial of service in rocket chat message parser

September 25, 2024 (updated September 26, 2024)

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.

References

docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories
github.com/RocketChat/Rocket.Chat/pull/33227
github.com/RocketChat/Rocket.Chat/releases/tag/6.12.1
github.com/RocketChat/fuselage
github.com/advisories/GHSA-6375-pg5j-8wph
nvd.nist.gov/vuln/detail/CVE-2024-46935

Code Behaviors & Features

Detect and mitigate CVE-2024-46935 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →