Lucene search
K

3662 matches found

NVD
NVD
added 2025/01/16 8:15 p.m.7 views

CVE-2024-56515

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...

6.8CVSS0.00618EPSS
Exploits0References2
NVD
NVD
added 2025/01/16 8:15 p.m.4 views

CVE-2024-36402

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS0.00529EPSS
Exploits0References2
NVD
NVD
added 2025/01/16 8:15 p.m.5 views

CVE-2024-36403

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

7.5CVSS0.00675EPSS
Exploits0References2
NVD
NVD
added 2025/01/16 8:15 p.m.7 views

CVE-2024-52602

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5.3CVSS0.00552EPSS
Exploits0References5
NVD
NVD
added 2025/01/16 8:15 p.m.8 views

CVE-2024-52791

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

7.5CVSS0.00728EPSS
Exploits0References2
OSV
OSV
added 2025/01/16 7:35 p.m.7 views

GHSA-R6JG-JFV6-2FJV Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation

Impact Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. Patches This is fixed in MMR v1.3.8. Workarounds Restricting which hosts MMR is allowed to contact via local firewall rules or a transparent...

5CVSS6.5AI score0.00552EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/01/16 7:35 p.m.14 views

Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation

Impact Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. Patches This is fixed in MMR v1.3.8. Workarounds Restricting which hosts MMR is allowed to contact via local firewall rules or a transparent...

5.3CVSS6.5AI score0.00552EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2025/01/16 7:19 p.m.12 views

CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS0.00529EPSS
Exploits0References2
OSV
OSV
added 2025/01/16 7:19 p.m.7 views

CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS6.5AI score0.00529EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/16 7:19 p.m.4 views

CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS5.8AI score0.00529EPSS
Exploits0References2
CVE
CVE
added 2025/01/16 7:19 p.m.60 views

CVE-2024-36402

CVE-2024-36402 affects Matrix Media Repo (MMR) prior to 1.3.5. Unauthenticated remote participants could trigger remote media download/cache into the local media repo, making content available for unauthenticated download and enabling planting problematic content. The issue is partially mitigated...

5.3CVSS5.4AI score0.00529EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/01/16 7:16 p.m.53 views

CVE-2024-36403

CVE-2024-36403 affects Matrix Media Repo (MMR) before 1.3.5. An unauthenticated attacker can cause unbounded disk consumption by triggering MMR to download and cache large volumes of remote media. Deployments using file-backed storage or self-hosted S3 storage are vulnerable to a disk-fill denial...

7.5CVSS5.5AI score0.00675EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/16 7:16 p.m.12 views

CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

5.3CVSS0.00675EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/16 7:16 p.m.5 views

CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

5.3CVSS5.8AI score0.00675EPSS
Exploits0References2
OSV
OSV
added 2025/01/16 7:16 p.m.6 views

CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

5.3CVSS7AI score0.00675EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/16 7:14 p.m.15 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5CVSS0.00552EPSS
Exploits0References5
CVE
CVE
added 2025/01/16 7:14 p.m.73 views

CVE-2024-52602

CVE-2024-52602 affects Matrix Media Repo (MMR), a multi-homeserver media repository for Matrix. An SSRF (server-side request forgery) vulnerability could cause MMR to fetch and serve content from a private network accessible to the server under certain conditions. The issue is mitigated by upgrad...

5.3CVSS5AI score0.00552EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/16 7:14 p.m.6 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5CVSS5.4AI score0.00552EPSS
Exploits0References5
OSV
OSV
added 2025/01/16 7:14 p.m.4 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5CVSS6.7AI score0.00552EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/01/16 7:12 p.m.5 views

CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

5.3CVSS5.6AI score0.00728EPSS
Exploits0References2
Rows per page
Query Builder