Rocket.Chat Server RCE
Critical
Rocket.Chat
Team Summary
Official summary from Rocket.Chat
Rocket.Chat server (https://github.com/RocketChat/Rocket.Chat) has a Prototype Pollution vulnerability that leads to RCE under the admin account. Any user can create their own server in your cloud and become an admin, so this vulnerability could affect the cloud infrastructure. This attack vector may also increase the impact of XSS to RCE, which is dangerous for self-hosted users as well.
Reported by
yuske
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Command Injection - Generic