CVE-2021-22910
N/A
N/A
Summary
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Rocket.Chat server | Fixed versions: 3.13.2, 3.12.4, 3.11.4 | affected |
Weaknesses
- CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.