CVE-2021-22911
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE.
Affected products
n/a · Rocket.Chat server
Public PoCs found: 15
github · github.com/CsEnox/CVE-2021-22911 · ★ 61
github · github.com/optionalCTF/Rocket.Chat-Automated-Account-Takeover-RCE-CVE-2021-22911 · ★ 9
github · github.com/Faridi-m/CVE-2021-22911-RocketChat · ★ 1
github · github.com/overgrowncarrot1/CVE-2021-22911 · ★ 0
github · github.com/yoohhuu/Rocket-Chat-3.12.1-PoC-CVE-2021-22911- · ★ 0
github · github.com/octodi/CVE-2021-22911 · ★ 0
github · github.com/TeneBrae93/RocketChat-NoSQLi-Chain-CVE-2021-22911 · ★ 0
github · github.com/MrDottt/CVE-2021-22911 · ★ 0
github · github.com/jayngng/CVE-2021-22911 · ★ 0
github · github.com/ChrisPritchard/CVE-2021-22911-rust · ★ 0
github · github.com/roshanrajbanshi/rocketcat-cve-2021-22911-exploit · ★ 0
cve_reference · packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/49960 · unverified
exploitdb · www.exploit-db.com/exploits/50108 · unverified
cve_reference · packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html · unverified
⚠ Public resources, for you to assess the exposure of systems that you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html
http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html
https://blog.sonarsource.com/nosql-injections-in-rocket-chat
https://hackerone.com/reports/1130721