Skip to main content

Zulip Server CVE-2019-16215

MEDIUM
Inefficient Regular Expression Complexity (ReDoS) (CWE-1333)
2019-09-18 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 18, 2019 - 12:15 nvd
MEDIUM 6.5

DescriptionNVD

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.

AnalysisAI

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-1333. The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages. Affected products include: Zulip Zulip Server. Version information: before 2.0.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-21706 CRITICAL
9.8 Feb 26

Zulip is an open-source team collaboration tool with topic-based threading. Rated critical severity (CVSS 9.8), this vul

CVE-2019-18933 CRITICAL
9.8 Nov 21

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registere

CVE-2020-10935 MEDIUM POC
5.4 Apr 20

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. Rated medium severity (CVSS 5

CVE-2017-0910 HIGH
8.8 Nov 27

In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authori

CVE-2020-15070 HIGH
8.8 Aug 21

Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres

CVE-2025-31478 HIGH
8.2 Apr 16

Zulip is an open-source team collaboration tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploita

CVE-2024-36612 HIGH
7.5 Nov 29

Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. Rated high severity (CVSS 7.5),

CVE-2020-14215 HIGH
7.5 Aug 21

Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrato

CVE-2025-52559 MEDIUM
6.8 Jul 02

Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL

CVE-2017-0896 MEDIUM
6.5 Jun 02

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zuli

CVE-2024-27286 MEDIUM
6.5 Mar 20

Zulip is an open-source team collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploi

CVE-2023-32678 MEDIUM
6.5 Aug 25

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium se

Share

CVE-2019-16215 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy