62 matches found
EUVD-2021-16068
Malware in sbrugna...
EUVD-2025-0103
Malicious code in bioql PyPI...
EUVD-2025-0098
Malicious code in bioql PyPI...
CVE-2024-52602
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...
CVE-2024-52791
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2021-29453
matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in term...
SUSE CVE-2024-36402
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
SUSE CVE-2024-36403
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...
SUSE CVE-2024-52602
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...
SUSE CVE-2024-52791
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
Unbounded Disk Consumption
github.com/t2bot/matrix-media-repo is vulnerable to Unbounded Disk Consumption. The vulnerability is MMR's lack of proper rate limiting and controls on the amount of data that can be requested and cached, allowing unauthenticated users to request excessive amounts of remote media files...
Arbitrary Code Execution
github.com/t2bot/matrix-media-repo is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper validation of file types during the thumbnail generation process, where MMR relies on user-supplied file type values to select decoders e.g., ImageMagick or ffmpeg, which can...
Server Side Request Forgery (SSRF)
github.com/t2bot/matrix-media-repo is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to MMR serving content from a private network it can access, under certain conditions, allows attackers to potentially access internal resources that would otherwise be protected...
Excessive Memory Consumption
github.com/t2bot/matrix-media-repo is vulnerable to Excessive Memory Consumption. The vulnerability is due to inadequate handling of large JSON responses, allowing an attacker to exhaust system memory and potentially crash the application...
GO-2025-3399 Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation in github.com/t2bot/matrix-media-repo
Matrix Media Repo MMR allows Server-Side Request Forgery SSRF on redirects and federation in github.com/t2bot/matrix-media-repo...
GO-2025-3397 matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo
matrix-media-repo MMR allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo...
GO-2025-3401 matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads in github.com/t2bot/matrix-media-repo
matrix-media-repo MMR allows denial of service/high operating costs through unauthenticated downloads in github.com/t2bot/matrix-media-repo...
GO-2025-3400 Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in github.com/t2bot/matrix-media-repo
Matrix Media Repo MMR allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in github.com/t2bot/matrix-media-repo...
GO-2025-3398 matrix-media-repo (MMR) allows a denial of service through memory exhaustion in github.com/t2bot/matrix-media-repo
matrix-media-repo MMR allows a denial of service through memory exhaustion in github.com/t2bot/matrix-media-repo...
CVE-2024-56515
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...