86 matches found
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
UBUNTU-CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2022-39236
CVE-2022-39236 affects the Matrix JavaScript SDK (matrix-js-sdk). Starting with version 17.1.0-rc.1, improperly formed beacon events (MSC3488) can disrupt or impede the matrix-js-sdk’s operation, potentially preventing safe data processing. The SDK may appear functional while excluding or corrupt...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39251
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39251
The CVE-2022-39251 vulnerability affects the Matrix Javascript SDK (matrix-js-sdk) prior to version 19.7.0. It stems from a protocol confusion bug that allowed to‑device messages encrypted with Megolm to be accepted as Olm, enabling an attacker coordinating with a malicious homeserver to craft me...
CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39249
CVE-2022-39249 affects the Matrix Javascript SDK (matrix-js-sdk) prior to 19.7.0. A malicious homeserver can coordinate to craft messages that appear from another user due to a permissive key-forwarding policy. Starting with 19.7.0, the default policy was tightened to only accept forwarded keys i...
CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2022-39249
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
UBUNTU-CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...