GCVE - cpe:2.3:a:n/a:rocket.chat_server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:rocket.chat_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Rocket.Chat Server (`0bc82c5c-c888-5a4e-b4cc-62c0057d824e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-22911`	vulnerable	2026-06-08 05:30:01.848504	Details available A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. Published: 2021-05-27T11:14:39.000Z Updated: 2024-08-03T18:58:25.847Z Open on db.gcve.eu Reference links https://hackerone.com/reports/1130721 http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html https://blog.sonarsource.com/nosql-injections-in-rocket-chat	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22910`	vulnerable	2026-06-08 05:30:01.848113	Details available A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. Published: 2021-08-09T12:27:46.000Z Updated: 2024-08-03T18:58:26.282Z Open on db.gcve.eu Reference links https://hackerone.com/reports/1130874 https://blog.sonarsource.com/nosql-injections-in-rocket-chat/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22892`	vulnerable	2026-06-08 05:30:01.749795	Details available An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. Published: 2021-05-27T11:14:43.000Z Updated: 2024-08-03T18:58:25.414Z Open on db.gcve.eu Reference links https://hackerone.com/reports/1089116	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-8292`	vulnerable	2026-06-08 05:27:15.562619	Details available Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. Published: 2021-01-21T19:13:28.000Z Updated: 2024-08-04T09:56:28.322Z Open on db.gcve.eu Reference links https://docs.rocket.chat/guides/security/security-updates https://hackerone.com/reports/962902	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-8291`	vulnerable	2026-06-08 05:27:15.562317	Details available A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks. Published: 2021-10-18T12:48:17.000Z Updated: 2024-08-04T09:56:28.388Z Open on db.gcve.eu Reference links https://github.com/RocketChat/Rocket.Chat/pull/19854	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-8288`	vulnerable	2026-06-08 05:27:15.556948	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.