Vulnerability CVE-2021-22911


Published: 2021-05-27

Description:
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE.

See advisories in our WLB2 database:
Topic: Rocket.Chat 3.12.1 NoSQL Injection / Code Execution
Risk: Med.
Author: enox
Date: 08.06.2021

Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

References:
https://hackerone.com/reports/1130721

Copyright 2024, cxsecurity.com

 
