CVSS: 9.8EPSS: 95%CPEs: 3EXPL: 12CVE-2021-22911 – Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)
https://notcve.org/view.php?id=CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. Se presenta una vulnerabilidad de saneamiento de entrada inapropiada en el servidor Rocket.Chat versiones 3.11, 3.12 y 3.13, que podría conllevar a una inyección NoSQL no autenticada, resultando potencialmente en RCE • https://www.exploit-db.com/exploits/49960 https://www.exploit-db.com/exploits/50108 https://github.com/CsEnox/CVE-2021-22911 https://github.com/optionalCTF/Rocket.Chat-Automated-Account-Takeover-RCE-CVE-2021-22911 https://github.com/jayngng/CVE-2021-22911 https://github.com/overgrowncarrot1/CVE-2021-22911 https://github.com/MrDottt/CVE-2021-22911 https://github.com/ChrisPritchard/CVE-2021-22911-rust http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code- • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •