NoSQL Injection Vulnerability in Rocket.Chat's listEmojiCustom Method

NoSQL Injection Vulnerability in Rocket.Chat's listEmojiCustom Method

CVE-2023-28359 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.