Sonarsource

#13666 of 53,624
19.6 Total CVSS
Vulnerabilities · 2
Critical: 2
PT-2021-15267
9.8
2021-08-09
Unknown · Rocket.Chat · CVE-2021-22910
**Name of the Vulnerable Software and Affected Versions**

Rocket.Chat server versions prior to 3.13.2
Rocket.Chat server versions prior to 3.12.4
Rocket.Chat server versions prior to 3.11.4

**Description**

A sanitization issue exists in the Rocket.Chat server that allows queries to an endpoint, potentially resulting in a NoSQL injection and leading to remote code execution (RCE).

**Recommendations**

For versions prior to 3.13.2, update to version 3.13.2 or later.
For versions prior to 3.12.4, update to version 3.12.4 or later.
For versions prior to 3.11.4, update to version 3.11.4 or later.

PT-2021-15268
9.8
2021-05-27
Unknown · Rocket.Chat · CVE-2021-22911
**Name of the Vulnerable Software and Affected Versions**

Rocket.Chat server versions 3.11 through 3.13

**Description**

A vulnerability exists due to improper input sanitization, potentially leading to unauthenticated NoSQL injection and resulting in remote code execution (RCE).

**Recommendations**

For Rocket.Chat server versions 3.11 through 3.13, at the moment, there is no information about a newer version that contains a fix for this vulnerability.