Rocket.Chat: NoSQL injection in the EE ddp-streamer-service

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated attackers to manipulate MongoDB queries during authentication. The vulnerability is located in the username-based login flow where user-supplied input is directly embedded into a MongoDB query selector without validation. An attacker can inject MongoDB operator expressions (e.g., { $regex: '.*' }) in place of a username string, causing the database query to match unintended user records. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.

N/A

数据查询逻辑中特殊元素的不当中和

Rocket.Chat 安全漏洞

Rocket.Chat是Rocket.Chat公司的一个聊天软件。 Rocket.Chat 7.10.8之前版本、7.11.5之前版本、7.12.5之前版本、7.13.4之前版本、8.0.2之前版本、8.1.1之前版本和8.2.0之前版本存在安全漏洞，该漏洞源于账户服务中用户输入直接嵌入MongoDB查询选择器而未经验证，可能导致非关系型数据库注入攻击。

N/A

N/A