Posted by Moe Szyslak on Dec 21
Rocket.Chat has fixed a server-side path traversal vulnerability that may
be abused to write files to attacker-controlled locations:
Exploitation of this vulnerability requires uploading attachments with
crafted names and requesting a data download.
No release of Rocket.Chat contains these fixes. Users should consider
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.