CVE-2024-46935
HIGHRocket.Chat < 6.7.9 - Denial of Service via Message Parser
Title source: llmDescription
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
References (2)
Core 2
Core References
Scores
CVSS v3
7.5
EPSS
0.0059
EPSS Percentile
44.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (3)
rocket.chat/message-parser
0 - 0.31.30npm
rocket.chat/rocket.chat
6.12.0 (7 CPE variants)
rocket.chat/rocket.chat
< 6.7.9
Published
Sep 25, 2024
Tracked Since
Feb 18, 2026