Security Vulnerability in 0.57.3, 0.58.3 and below

Gabriel Engel
January 17, 2018
·
min read

All users are advised to upgrade Rocket.Chat Server to 0.57.4, 0.58.4, 0.59.0 or greater.Rocket.Chat Server version 0.58.3, 0.57.3 and prior versions are vulnerable to a NoSQL injection which can lead to an administrator account takeover.Thank you to Steeve Barbeau for identifying and reporting the vulnerability. The details of the vulnerability will be shared in a future update.If you have any questions, concerns or require advice please contact security@rocket.chat or chat to us on https://open.rocket.chat/channel/support.Nick van den Berg

Get started with Rocket.Chat’s secure collaboration platform

Talk to sales

Frequently asked questions about <anything>

Gabriel Engel is the CEO and co-founder of Rocket.Chat, the leading open source communications platform.
Gabriel Engel
Related Article:
Team collaboration: 5 reasons to improve it and 6 ways to master it
Want to collaborate securely with your team?
Deploy Rocket.Chat on-premise or in the cloud and keep your conversations private.
  • Digital sovereignty
  • Federation capabilities
  • Scalable and white-labeled
Talk to sales
Looking for a HIPAA-ready communications platform?
Enable patients and healthcare providers to securely communicate without exposing their data.
  • Highly scalable and secure
  • Full patient conversation history
  • HIPAA-ready
Talk to sales
The #1 communications platform for government
Deploy Rocket.Chat on-premise, in the cloud, or air-gapped environment.
  • Secure data governance and digital sovereignty
  • Trusted by State, Local, and Federal agencies across the world
  • Matrix federation capabilities for cross-agency communication
Talk to sales
Want to customize Rocket.Chat according to your own preferences?
See behind the engine and change the code how you see fit.
  • Open source code
  • Highly secure and scalable
  • Unmatched flexibility
Talk to sales
Looking for a secure collaboration platform?
Keep your conversations private while enjoying a seamless collaboration experience with Rocket.Chat.
  • End-to-end encryption
  • Cloud or on-prem deployment
  • Supports compliance with HIPAA, GDPR, FINRA, and more
Talk to sales
Want to build a highly secure in-app chat experience?
Use Rocket.Chat’s APIs, frameworks, and managed backend to build a secure in-app or live chat experience for your customers.
  • Supports compliance with HIPAA, GDPR, FINRA, and more
  • Highly secure and flexible
  • On-prem or cloud deployment
Talk to sales

Relevant articles

See All
Oct 31, 2025
Product Updates

Introducing Launchpad: The fastest way to deploy Rocket.Chat

Oct 20, 2025
Product Updates

Product Roundup: What’s new in Rocket.Chat 7.11

Oct 9, 2025
Product Updates

Building a connected future: Native federation and Matrix partnership

May 19, 2025
Product Updates

A new chapter for Federation at Rocket.Chat: The shift to a native solution

Our best content, once a week

Share this on:

Get your free, personalized demo now!

Build the most secure chat experience for your team or customers

Book demo