OSV:GHSA-FFWF-47X2-JPR8
Type: osv
Source: Google
History: Nov 13, 2022 - 12:00 p.m.

matrix-appservice-irc vulnerable to SQL injection via roomIds argument

Published: 2022-11-13 12:00:17
Reporter: Google (osv.dev)
Tags: sql injection, matrix-appservice-irc, vulnerability, postgres, upgrade

CVSS3: 5.6 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 6 Medium (Confidence: High)

EPSS: 0.002 Low (Percentile: 52.7%)

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It affects the file src/datastore/postgres/PgDataStore.ts. Manipulation of the argument roomIds leads to SQL injection. Upgrading to version 0.36.0 addresses this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component.

Affected software (CPE)
Name: matrix-appservice-irc
Operator: lt
Version: 0.36.0
