CVE-2021-22911

Published: May 27, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.

Vendor	Product	Versions
n/a	Rocket.Chat server	affected `Fixed in: 3.13.2, 3.12.4, 3.11.4`

Weaknesses (CWE)

CWE-75

References

https://hackerone.com/reports/1130721

x_refsource_MISC

http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html

x_refsource_MISC

http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html

x_refsource_MISC

https://blog.sonarsource.com/nosql-injections-in-rocket-chat

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-22911

Description

Affected Products

Weaknesses (CWE)

References