Security Advisory

CVE-2023-28359

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-11 00:00:00

Last updated 2025-01-27 16:52:17

Assigner hackerone

State PUBLISHED

Description

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.

← Browse all CVEs View on cve.org ↗