7 matches found
EUVD-2025-0105
Malicious code in bioql PyPI...
EUVD-2025-0094
Malicious code in bioql PyPI...
CVE-2023-41318
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...
CVE-2024-52791
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
Travis Ralston matrix-media-repo 资源管理错误漏洞
Travis Ralston matrix-media-repo is a Travis Ralston open source application. A highly customizable multi-domain media repository for Matrix. A security vulnerability exists in matrix-media-repo that stems from an inability to properly process malicious images that are made to be small in file si...