CVE-2021-22911

Summary

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.

Affected Software

VendorProductVersion RangeStatus
n/aRocket.Chat serverFixed in: 3.13.2, 3.12.4, 3.11.4affected

Weaknesses

  • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)

ADP Enrichment

CVE Program Container

Additional References

References