A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1757676 | Issue Tracking Third Party Advisory |
https://hackerone.com/reports/1757676 | Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 07:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://hackerone.com/reports/1757676 - Issue Tracking, Third Party Advisory |
Information
Published : 2023-05-11 22:15
Updated : 2024-11-21 07:54
NVD link : CVE-2023-28359
Mitre link : CVE-2023-28359
CVE.ORG link : CVE-2023-28359
JSON object : View
Products Affected
rocket.chat
- rocket.chat
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')