{"id":"CVE-2017-1000493","details":"Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover","modified":"2026-04-10T03:56:20.067523Z","published":"2018-01-03T01:29:00.343Z","references":[{"type":"FIX","url":"https://github.com/RocketChat/Rocket.Chat/pull/8408"},{"type":"EVIDENCE","url":"http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rocketchat/rocket.chat","events":[{"introduced":"0"},{"last_affected":"8f9a85b92fb411fdca1f05856e222cdbbf0c120d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.59"}]}}],"versions":["0.10.0","0.10.1","0.10.2","0.11.0","0.13.0","0.14.0","0.15.0","0.16.0","0.17.0","0.18.0","0.19.0","0.23.0","0.24.0","0.25.0","0.26.0","0.27.0","0.28.0","0.29.0","0.30.0","0.36.0","0.37.0","0.37.1","0.38.0","0.39.0","0.40.0","0.40.1","0.41.0","0.42.0","0.43.0","0.44.0","0.45.0","0.46.0","0.48.0","0.49.0","0.49.1","0.49.2","0.49.3","0.49.4","0.50.0","0.54.0","0.54.1","0.56.0","0.56.0-rc.0","0.56.0-rc.1","0.56.0-rc.2","0.56.0-rc.3","0.56.0-rc.4","0.56.0-rc.5","0.56.0-rc.6","0.56.0-rc.7","0.57.0","0.57.1","0.57.2","0.58.0","0.58.1","0.58.2","0.59.0","0.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000493.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}