Rocket.Chat Path Traversal

Posted by Moe Szyslak on Dec 21

Rocket.Chat has fixed a server-side path traversal vulnerability that may
be abused to write files to attacker-controlled locations:

https://github.com/RocketChat/Rocket.Chat/commit/f5c7d94bffb279d7a2f859773935fb5cf70c81cd

Exploitation of this vulnerability requires uploading attachments with
crafted names and requesting a data download.

No release of Rocket.Chat contains these fixes. Users should consider
cherrypicking…
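
An added example, not part of the original post and not the code from the linked commit: one way a Node.js server can confine uploader-supplied attachment names to an export directory when it writes a data download. The helper names, the `/tmp/export-demo` directory and the sample names are assumptions constructed for illustration.

```javascript
'use strict';
const path = require('path');

// Hypothetical helper, not Rocket.Chat code: map an uploader-supplied
// attachment name to a destination inside exportDir, or throw.
function resolveExportPath(exportDir, attachmentName) {
  if (typeof attachmentName !== 'string' || attachmentName.includes('\0')) {
    throw new Error('invalid attachment name');
  }
  // Treat "/" and "\" as separators on every host OS and keep only the
  // last component, so directory parts of the name never reach the disk.
  const base = attachmentName.split(/[\\/]/).pop();
  if (base === '' || base === '.' || base === '..') {
    throw new Error('attachment name has no usable file component');
  }
  const root = path.resolve(exportDir);
  const target = path.resolve(root, base);
  // Defence in depth: the resolved target must still sit below root.
  const rel = path.relative(root, target);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('resolved path escapes the export directory');
  }
  return target;
}

// Plan the writes for one export; rejected names are reported, not written.
function planExport(exportDir, attachmentNames) {
  return attachmentNames.map((name) => {
    try {
      return { name, target: resolveExportPath(exportDir, name) };
    } catch (err) {
      return { name, rejected: err.message };
    }
  });
}

// Constructed sample names, not taken from any real report.
const SAMPLE_NAMES = ['report.pdf', '../../outside.txt', '..\\..\\outside.txt', '..', 'dir/'];

for (const row of planExport('/tmp/export-demo', SAMPLE_NAMES)) {
  console.log(JSON.stringify(row));
}
```

Names that reduce to the same final component map to the same target, so a real export would also prefix each file with a server-generated identifier to avoid overwrites.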
