Lucene search
PRIOn knowledge basePRION:CVE-2023-28103HistoryMar 28, 2023 - 9:15 p.m.
Design/Logic Flaw
2023-03-2821:15:00
PRIOn knowledge base
www.prio-n.com
7
matrix
react javascript
protocol
sdk
data
remote servers
object.prototype
denial of service
program logic
vulnerability
upgrade
advisory
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix-react-sdk | lt | 3.69.0 |
Related
alpinelinux
alpinelinux
CVE-2023-28103
2023-03-28 21:15:10
cve
cve
CVE-2023-28103
2023-03-28 21:15:10
osv
osv
CVE-2023-28103
2023-03-28 21:15:10
Prototype pollution in matrix-react-sdk
2023-03-29 19:34:25
cvelist
cvelist
CVE-2023-28103 Prototype pollution in matrix-react-sdk
2023-03-28 20:37:24
nvd
nvd
CVE-2023-28103
2023-03-28 21:15:10
veracode
veracode
Prototype Pollution
2023-04-04 03:46:43
freebsd
freebsd
Matrix clients -- Prototype pollution in matrix-js-sdk
2023-03-28 00:00:00
nessus
nessus
github
github
Prototype pollution in matrix-react-sdk
2023-03-29 19:34:25