3662 matches found
CVE-2024-56515
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...
CVE-2024-36402
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
CVE-2024-36403
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...
CVE-2024-52602
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...
CVE-2024-52791
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
GHSA-R6JG-JFV6-2FJV Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation
Impact: Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. Patches: This is fixed in MMR v1.3.8. Workarounds: Restricting which hosts MMR is allowed to contact via local firewall rules or a transparent...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
CVE-2024-36402
CVE-2024-36402 affects Matrix Media Repo (MMR) prior to 1.3.5. Unauthenticated remote participants could trigger remote media download/cache into the local media repo, making content available for unauthenticated download and enabling the planting of problematic content. The issue is partially mitigated...
CVE-2024-36403
CVE-2024-36403 affects Matrix Media Repo (MMR) before 1.3.5. An unauthenticated attacker can cause unbounded disk consumption by triggering MMR to download and cache large volumes of remote media. Deployments using file-backed storage or self-hosted S3 storage are vulnerable to a disk-fill denial...
CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...
CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...
CVE-2024-52602
CVE-2024-52602 affects Matrix Media Repo (MMR), a multi-homeserver media repository for Matrix. An SSRF (server-side request forgery) vulnerability could cause MMR to fetch and serve content from a private network accessible to the server under certain conditions. The issue is mitigated by upgrad...
CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...