CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
References
Link Resource
https://hackerone.com/reports/1757676 Issue Tracking Third Party Advisory
https://hackerone.com/reports/1757676 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:54

Type Values Removed Values Added
References () https://hackerone.com/reports/1757676 - Issue Tracking, Third Party Advisory () https://hackerone.com/reports/1757676 - Issue Tracking, Third Party Advisory

Information

Published : 2023-05-11 22:15

Updated : 2024-11-21 07:54


NVD link : CVE-2023-28359

Mitre link : CVE-2023-28359

CVE.ORG link : CVE-2023-28359


JSON object : View

Products Affected

rocket.chat

  • rocket.chat
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')