VYPR
Unrated severityOSV Advisory· Published May 11, 2023· Updated Jan 27, 2025

CVE-2023-28359

CVE-2023-28359

Description

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.

Affected products

2
  • RocketChat/Rocket.chatOSV2 versions
    0.10.0, 0.10.1, 0.10.2, …+ 1 more
    • (no CPE)range: 0.10.0, 0.10.1, 0.10.2, …
    • (no CPE)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.