Comments on REDTEAM.PL TECHBLOG: Rocket.Chat Cross-Site Scripting leading to Remote Code Execution CVE-2020-15926
Feed author: Adam Ziaja
Feed updated: 2023-11-20T19:43:14.128+01:00

Anonymous, 2020-08-31T15:42:21.442+02:00:

It looks like this is the commit that fixed the vulnerability:

https://github.com/RocketChat/Rocket.Chat/commit/045aa94ecf14964f5c56f01fb1ab05ad1db90dbc#diff-3b52854e26fad34951e516f3c62752a2

and it was introduced in 3.4.0 indeed with the creation of ThreadComponent class/function...

https://github.com/RocketChat/Rocket.Chat/pull/17416/commits/15149a59a91adb76e31d239d9b4d26997e8046bc

Rodrigo Nascimento, 2020-08-20T14:26:34.975+02:00:

This vulnerability only affects versions 3.4.0, 3.4.1 and 3.4.2; all other versions are not affected.

Rodrigo Nascimento (CTO at Rocket.Chat)