Server-side RCE through directory traversal-based arbitrary file write
Critical
Rocket.Chat
Team Summary
Official summary from Rocket.Chat
A directory traversal vulnerability in the user data download functionality leads to server-side remote code execution by an authenticated user. This vulnerability was fixed 2 years ago.
Reported by
fabianfreyer
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Path Traversal