Rocket.Chat Team - 1 min read - Jan 17, 2018

Security Vulnerability in 0.57.3, 0.58.3 and below

All users are advised to upgrade Rocket.Chat Server to 0.57.4, 0.58.4, 0.59.0 or greater.

Rocket.Chat Server versions 0.58.3, 0.57.3 and earlier are vulnerable to a NoSQL injection that can lead to an administrator account takeover.

Thank you to Steeve Barbeau for identifying and reporting the vulnerability. The details of the vulnerability will be shared in a future update.

If you have any questions or concerns, or require advice, please contact security@rocket.chat or chat with us at https://open.rocket.chat/channel/support.
