Lucene search
GoogleOSV:CVE-2023-28103HistoryMar 28, 2023 - 9:15 p.m.
CVE-2023-28103
2023-03-2821:15:10
Google
osv.dev
8
cve-2023-28103
denial of service
data modification
remote servers
software vulnerability
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.
Related
alpinelinux
alpinelinux
CVE-2023-28103
2023-03-28 21:15:10
prion
prion
Design/Logic Flaw
2023-03-28 21:15:00
cve
cve
CVE-2023-28103
2023-03-28 21:15:10
cvelist
cvelist
CVE-2023-28103 Prototype pollution in matrix-react-sdk
2023-03-28 20:37:24
nvd
nvd
CVE-2023-28103
2023-03-28 21:15:10
veracode
veracode
Prototype Pollution
2023-04-04 03:46:43
freebsd
freebsd
Matrix clients -- Prototype pollution in matrix-js-sdk
2023-03-28 00:00:00
osv
osv
Prototype pollution in matrix-react-sdk
2023-03-29 19:34:25
nessus
nessus
github
github
Prototype pollution in matrix-react-sdk
2023-03-29 19:34:25