{"id":"GHSA-6375-pg5j-8wph","summary":"Denial of service in rocket chat message parser","details":"Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.","aliases":["CVE-2024-46935"],"modified":"2024-09-26T21:10:27Z","published":"2024-09-25T03:30:36Z","database_specific":{"nvd_published_at":"2024-09-25T01:15:44Z","github_reviewed":true,"cwe_ids":["CWE-400"],"github_reviewed_at":"2024-09-25T18:51:16Z","severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46935"},{"type":"WEB","url":"https://github.com/RocketChat/Rocket.Chat/pull/33227"},{"type":"WEB","url":"https://docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories"},{"type":"WEB","url":"https://github.com/RocketChat/Rocket.Chat/releases/tag/6.12.1"},{"type":"PACKAGE","url":"https://github.com/RocketChat/fuselage"}],"affected":[{"package":{"name":"@rocket.chat/message-parser","ecosystem":"npm","purl":"pkg:npm/%40rocket.chat/message-parser"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.31.30"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-6375-pg5j-8wph/GHSA-6375-pg5j-8wph.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}]}