An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 and 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in remote code execution (RCE).
The product does not adequately filter user-controlled input for special elements with control implications.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rocket.chat | Rocket.chat | 3.11.0 (including) | 3.11.0 (including) |
Rocket.chat | Rocket.chat | 3.12.0 (including) | 3.12.0 (including) |
Rocket.chat | Rocket.chat | 3.13.0 (including) | 3.13.0 (including) |