Linux Distros Unpatched Vulnerability : CVE-2022-39251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...
Linux Distros Unpatched Vulnerability : CVE-2022-39250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious...
Linux Distros Unpatched Vulnerability : CVE-2022-39236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede t...
PT-2025-38058
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 38.2.0. Description: The Matrix JavaScript SDK has insufficient validation of room predecessor links in the MatrixClient::getJoinedRooms function, potentially allowing a remote attacker to replace a tombstoned...
UBUNTU-CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CentOS 7 : thunderbird (RHSA-2022:7184)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7184 advisory. - Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt ...
SUSE CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
DEBIAN-CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
UBUNTU-CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
PT-2024-29903
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 34.3.1. Description: A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The getRoomUpgradeHistory function will infinitely recurse in this case, causing the code t...
DEBIAN-CVE-2023-29529
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
UBUNTU-CVE-2023-29529
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
@eweser/db (>=1.4.1 <=1.6.2), @medicaa/trustie (>=0.0.1 <=0.0.3) +36 more potentially affected by CVE-2023-29529 via matrix-js-sdk (>=0.0.4 <=24.1.0-rc.1)
matrix-js-sdk NPM version =0.0.4, =1.4.1, =0.0.1, =0.17.0, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.1.0, =0.0.1, =0.11.1-7, =1.6.0, =1.0.33, =1.1.5 and more Source cves: CVE-2023-29529 Source advisory: OSV:GHSA-6G67-Q39G-R79Q...
@eweser/db (>=1.4.1 <=1.6.2), @medicaa/trustie (>=0.0.1 <=0.0.3) +36 more potentially affected by CVE-2023-28427 via matrix-js-sdk (>=0.0.4 <=23.5.0)
matrix-js-sdk NPM version =0.0.4, =1.4.1, =0.0.1, =0.17.0, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.1.0, =0.0.1, =0.11.1-7, =1.6.0, =1.0.33, =1.1.5 and more Source cves: CVE-2023-28427 Source advisory: OSV:GHSA-MWQ8-FJPF-C2GR...
DEBIAN-CVE-2023-28427
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-36059 via matrix-js-sdk (>=0.0.4 <=19.4.0-rc.1)
matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-36059 Source advisory: OSV:GHSA-RFV9-X7HH-XC32...
SUSE CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
Fedora 35 : thunderbird (2022-1454bee2fa)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-1454bee2fa advisory. Update to 102.3.1 https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/ https://www.thunderbird.net/en-US/thunderbird/102.3.1/releasenotes/ ----...
Rocky Linux 8 : thunderbird (RLSA-2022:7190)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7190 advisory. - Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5724-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5724-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...