CRITICAL🇬🇧 English

CVE-2021-22910

CVSS 9.8v3.1pub. 2021-08-09upd. 2024-11-21

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rocket.chat

    APP
    Rocket.Chat
    < 3.11.43.12.0 – 3.12.4 (bez)3.13.0 – 3.13.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2026-48616CRITICAL9.3ten sam produkt

Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerab...

CVE-2026-29198CRITICAL9.8PL ✓ten sam produkt

Rocket.Chat — NoSQL injection umożliwiający przejęcie konta (SQLi)

CVE-2026-28514CRITICAL9.3PL ✓ten sam produkt

Rocket.Chat — pominięcie await powoduje auth bypass w ddp-streamer

CVE-2023-28316CRITICAL9.8ten sam produkt

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where o...

CVE-2022-44567CRITICAL9.8ten sam produkt

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a...