NoSQL injection in listEmojiCustom method call
High
R
Rocket.Chat
Submitted None
Team Summary
Official summary from Rocket.Chat
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
Actions:
Reported by
rijalrojan
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
SQL Injection