cvedb.io
CVE-2023-28359
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2023-05-11T22:15:10.057 · Last modified 2026-06-17T05:47:32.407

Summary

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.

Affected products

rocket.chat — rocket.chat

Does this affect you?

Add your gear to cvedb and we'll alert you only when rocket.chat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.