PT-2021-15268 · Unknown · Rocket.Chat
Sonarsource · Published 2021-05-27 · Updated 2022-08-31 · CVE-2021-22911
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rocket.Chat server versions 3.11 through 3.13
Description
A vulnerability exists due to improper input sanitization, potentially leading to unauthenticated NoSQL injection and resulting in remote code execution (RCE).
Recommendations
There is currently no information about a newer version that fixes this vulnerability in Rocket.Chat server versions 3.11 through 3.13.
Exploit
RCE
Affected Products
Rocket.Chat