108 matches found
CVE-2022-36059 Prototype pollution in matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2022-36059 Prototype pollution in matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
GHSA-RFV9-X7HH-XC32 matrix-js-sdk Prototype Pollution vulnerability
Impact Events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting...
matrix-js-sdk 安全漏洞
matrix-js-sdk is an application component of matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 24.0.0, which stems from an event sent using a special string that may temporarily interrupt or prevent the normal operation of a program...
Amazon Linux 2 : thunderbird (ALAS-2022-1900)
The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in avtimecodemakestring in...
Oracle Linux 9 : thunderbird (ELSA-2022-7178)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7178 advisory. 102.4.0-1 - Update to 102.4.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 7 : thunderbird (ELSA-2022-7184)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7184 advisory. - Fix for expat CVE-2022-40674 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-39250 via matrix-js-sdk (>=0.0.4 <=19.6.0)
matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-39250 Source advisory: OSV:GHSA-5W8R-8PGJ-5JMF...
Authentication Bypass
matrix-js-sdk is vulnerable to authentication bypass. A malicious server admin is able to break emoji-based verification when cross-signing is in use, authenticating themselves instead of the target user being verified. The vulnerability is possible because the library confuses device IDs and...
@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-39251 via matrix-js-sdk (>=0.0.4 <=19.6.0)
matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-39251 Source advisory: OSV:GHSA-R48R-J8FX-MQ2C...
GHSA-HVV8-5V86-R45X Improper beacon events in matrix-js-sdk can result in availability issues
Impact Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...
Improper beacon events in matrix-js-sdk can result in availability issues
Impact Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...
Denial Of Service (DoS)
matrix-js-sdk is vulnerable to denial of service attacks. The vulnerability exists in the senderKey parameter inmegolm.js due to improperly formed beacon events which allows an attacker to craft a malicious event and crash the system...
CVE-2022-39250
Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...
Matrix clients -- several vulnerabilities
Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...
Prototype Pollution
matrix-js-sdk is vulnerable to Prototype Pollution. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede in the library, which leads to excluding or corrupting runtime data...
Fedora 36 : thunderbird (2022-8bf22a684b)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8bf22a684b advisory. Update to 102.2.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ Tenable has extracted the preceding description block directly from the...
CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...