CVE Vulnerabilities

CVE-2021-22911

Published: May 27, 2021 | Modified: Aug 30, 2022
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.

Affected Software

Name Vendor Start Version End Version
Rocket.chat Rocket.chat 3.11.0 3.11.0
Rocket.chat Rocket.chat 3.12.0 3.12.0
Rocket.chat Rocket.chat 3.13.0 3.13.0

References