CRITICAL🇵🇱 Wersja polska

CVE-2021-22911

CVSS 9.8v3.1pub. 2021-05-27upd. 2024-11-21

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rocket.chat

    APP
    Rocket.Chat
    3.11.03.12.03.13.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2026-48616CRITICAL9.3ten sam produkt

Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerab...

CVE-2026-29198CRITICAL9.8PL ✓ten sam produkt

Rocket.Chat — NoSQL injection umożliwiający przejęcie konta (SQLi)

CVE-2026-28514CRITICAL9.3PL ✓ten sam produkt

Rocket.Chat — pominięcie await powoduje auth bypass w ddp-streamer

CVE-2023-28316CRITICAL9.8ten sam produkt

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where o...

CVE-2022-44567CRITICAL9.8ten sam produkt

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a...