Home > Vulnerability Database > CVE-2024-46935

Mend.io Vulnerability Database

CVE-2024-46935

Good to know:

Date: September 23, 2024

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (6)

Url: https://github.com/RocketChat/Rocket.Chat/releases/tag/6.12.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-46935

Url: https://github.com/RocketChat/Rocket.Chat/pull/33227

Url: https://docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories

Url: https://github.com/RocketChat/fuselage

Url: https://www.mend.io/vulnerability-database/CVE-2024-46935

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version @rocket.chat/message-parser - 0.31.30

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-46935

Good to know:

Date: September 23, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?