CVE-2023-28359

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-28359

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28359.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-28359

Published

2023-05-11T22:15:10.057Z

Modified

2026-04-10T04:57:17.635484Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.

References

https://hackerone.com/reports/1757676

Affected packages

Git / github.com/rocketchat/rocket.chat

Affected ranges

Type

GIT

Repo

https://github.com/rocketchat/rocket.chat

Events

Introduced

Fixed

aa8f0ec70b2267af55d9ce9a3e3abfe7ff6c0a37

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.0"
        }
    ]
}

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.11.0

0.13.0

0.14.0

0.15.0

0.16.0

0.17.0

0.18.0

0.19.0

0.23.0

0.24.0

0.25.0

0.26.0

0.27.0

0.28.0

0.29.0

0.30.0

0.36.0

0.37.0

0.37.1

0.38.0

0.39.0

0.40.0

0.40.1

0.41.0

0.42.0

0.43.0

0.44.0

0.45.0

0.46.0

0.48.0

0.49.0

0.49.1

0.49.2

0.49.3

0.49.4

0.50.0

0.54.0

0.54.1

0.56.0

0.56.0-rc.0

0.56.0-rc.1

0.56.0-rc.2

0.56.0-rc.3

0.56.0-rc.4

0.56.0-rc.5

0.56.0-rc.6

0.56.0-rc.7

0.57.0

0.57.1

0.57.2

0.58.0

0.58.1

0.58.2

0.59.0

0.59.1

0.59.2

0.59.3

0.59.4

0.59.5

0.59.6

0.60.0

0.60.1

0.60.2

0.60.3

0.60.4

0.61.0

0.61.1

0.61.2

0.62.0

0.62.1

0.62.2

0.63.0

0.63.1

0.63.2

0.63.3

0.64.0

0.64.1

0.64.2

0.65.0

0.65.1

0.65.2

0.66.0

0.66.1

0.66.2

0.66.3

0.67.0

0.68.0

0.68.1

0.68.2

0.68.3

0.68.4

0.68.5

0.69.0

0.69.1

0.69.2

0.70.0

0.70.1

0.70.2

0.70.3

0.70.4

0.71.0

0.71.1

0.72.0

0.72.1

0.72.2

0.72.3

0.73.0

0.73.1

0.73.2

0.74.0

0.74.1

0.74.2

0.74.3

0.8.0

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0

1.2.1

1.3.0

1.3.1

1.3.2

2.*

2.0.0

2.1.0

2.1.1

2.1.2

2.2.0

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.4.9

3.*

3.0.0

3.0.1

3.0.10

3.0.11

3.0.12

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.1

3.1.2

3.10.0

3.10.1

3.10.2

3.10.3

3.10.4

3.10.5

3.11.0

3.11.1

3.12.0

3.12.1

3.12.2

3.12.3

3.13.0

3.13.1

3.13.2

3.13.3

3.14.0

3.14.1

3.14.2

3.14.3

3.14.4

3.15.0

3.15.1

3.15.2

3.16.0

3.16.1

3.16.2

3.16.3

3.16.4

3.17.0

3.17.1

3.17.2

3.18.0

3.18.1

3.18.2

3.2.0

3.2.1

3.2.2

3.3.0

3.3.1

3.3.2

3.3.3

3.4.0

3.4.1

3.4.2

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0

3.6.1

3.6.2

3.6.3

3.7.0

3.7.1

3.7.2

3.8.0

3.8.1

3.8.2

3.9.0

3.9.1

3.9.2

3.9.3

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.1.0

4.1.1

4.1.2

4.2.0

4.2.1

4.2.2

4.3.0

4.3.1

4.3.2

4.3.3

4.4.0

4.4.1

4.4.2

4.4.4

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

4.6.0

4.6.1

4.6.2

4.6.3

4.7.0

4.7.1

4.7.2

4.7.3

4.8.0

4.8.2

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.1.0

5.1.1

5.1.3

5.1.4

5.2.0

5.3.0

5.3.1

5.3.2

5.3.4

5.3.5

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28359.json"