Lucene search
K

108 matches found

Vulnrichment
Vulnrichment
added 2023/03/28 8:32 p.m.10 views

CVE-2022-36059 Prototype pollution in matrix-js-sdk

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

8.2CVSS8.1AI score0.0094EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 8:32 p.m.20 views

CVE-2022-36059 Prototype pollution in matrix-js-sdk

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

8.2CVSS7.1AI score0.0094EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/03/28 8:32 p.m.34 views

CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

8.2CVSS7AI score0.0094EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2023/03/28 8:32 p.m.58 views

CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

8.2CVSS6.9AI score0.0094EPSS
Exploits0
OSV
OSV
added 2023/03/28 6:59 p.m.29 views

GHSA-RFV9-X7HH-XC32 matrix-js-sdk Prototype Pollution vulnerability

Impact Events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting...

7.2CVSS6.6AI score0.0094EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.1 views

matrix-js-sdk 安全漏洞

matrix-js-sdk is an application component of matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 24.0.0, which stems from an event sent using a special string that may temporarily interrupt or prevent the normal operation of a program...

8.2CVSS7.9AI score0.01185EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2022/12/07 12:0 a.m.54 views

Amazon Linux 2 : thunderbird (ALAS-2022-1900)

The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in avtimecodemakestring in...

8.8CVSS8.3AI score0.01659EPSS
Exploits0References42
Tenable Nessus
Tenable Nessus
added 2022/10/26 12:0 a.m.33 views

Oracle Linux 9 : thunderbird (ELSA-2022-7178)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7178 advisory. 102.4.0-1 - Update to 102.4.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

8.8CVSS7.4AI score0.01001EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2022/10/26 12:0 a.m.28 views

Oracle Linux 7 : thunderbird (ELSA-2022-7184)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7184 advisory. - Fix for expat CVE-2022-40674 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

8.8CVSS7.4AI score0.01659EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2022/09/30 10:46 p.m.7 views

@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-39250 via matrix-js-sdk (>=0.0.4 <=19.6.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-39250 Source advisory: OSV:GHSA-5W8R-8PGJ-5JMF...

8.6CVSS7.1AI score0.00936EPSS
Exploits0
Veracode
Veracode
added 2022/09/30 6:19 a.m.26 views

Authentication Bypass

matrix-js-sdk is vulnerable to authentication bypass. A malicious server admin is able to break emoji-based verification when cross-signing is in use, authenticating themselves instead of the target user being verified. The vulnerability is possible because the library confuses device IDs and...

8.6CVSS8.1AI score0.00936EPSS
Exploits0References6Affected Software5
vulnersOsv
vulnersOsv
added 2022/09/30 12:41 a.m.5 views

@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-39251 via matrix-js-sdk (>=0.0.4 <=19.6.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-39251 Source advisory: OSV:GHSA-R48R-J8FX-MQ2C...

8.6CVSS7.1AI score0.00872EPSS
Exploits0
OSV
OSV
added 2022/09/29 2:36 p.m.27 views

GHSA-HVV8-5V86-R45X Improper beacon events in matrix-js-sdk can result in availability issues

Impact Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...

4.3CVSS6.3AI score0.01001EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/09/29 2:36 p.m.33 views

Improper beacon events in matrix-js-sdk can result in availability issues

Impact Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...

5.3CVSS6.8AI score0.01001EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2022/09/29 7:18 a.m.24 views

Denial Of Service (DoS)

matrix-js-sdk is vulnerable to denial of service attacks. The vulnerability exists in the senderKey parameter inmegolm.js due to improperly formed beacon events which allows an attacker to craft a malicious event and crash the system...

5.3CVSS6.4AI score0.01001EPSS
Exploits0References5Affected Software5
Debian CVE
Debian CVE
added 2022/09/29 12:0 a.m.25 views

CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.2AI score0.00936EPSS
Exploits0
FreeBSD
FreeBSD
added 2022/09/23 12:0 a.m.78 views

Matrix clients -- several vulnerabilities

Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...

8.6CVSS2.6AI score0.01001EPSS
Exploits0References1
Veracode
Veracode
added 2022/09/03 12:56 p.m.25 views

Prototype Pollution

matrix-js-sdk is vulnerable to Prototype Pollution. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede in the library, which leads to excluding or corrupting runtime data...

8.2CVSS6.7AI score0.0094EPSS
Exploits0References5Affected Software5
Tenable Nessus
Tenable Nessus
added 2022/09/02 12:0 a.m.32 views

Fedora 36 : thunderbird (2022-8bf22a684b)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8bf22a684b advisory. Update to 102.2.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ Tenable has extracted the preceding description block directly from the...

5.6AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/09/01 12:0 a.m.44 views

CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

8.2CVSS6.6AI score0.0094EPSS
Exploits0References5
Rows per page
Query Builder