3631 matches found
CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...
CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...
CVE-2024-52602
CVE-2024-52602 affects Matrix Media Repo (MMR), a multi-homeserver media repository for Matrix. An SSRF (server-side request forgery) vulnerability could cause MMR to fetch and serve content from a private network accessible to the server under certain conditions. The issue is mitigated by upgrad...
CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...
CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2024-52791
CVE-2024-52791 affects Matrix Media Repo (MMR). The issue is memory exhaustion when MMR parses large JSON responses from other servers, potentially consuming all available memory. The advisory states this is fixed in MMR v1.3.8 and recommends upgrading. If upgrading isn’t possible, mitigation opt...
CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2024-56515 Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...
CVE-2024-56515 Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...
CVE-2024-56515 Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...
CVE-2024-56515
CVE-2024-56515 affects Matrix Media Repo (MMR). The issue arises when enabling SVG/JPEGXL/MP4 thumbnailers may allow a crafted upload to trigger a decoder in ImageMagick or ffmpeg, potentially leading to code execution in some environments. MMR v1.3.8 fixes the problem by validating media mimetyp...
CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...
matrix-media-repo 代码问题漏洞
matrix-media-repo is a highly configurable multi-domain media repository for Matrix in the t2bot.io open source. A code issue vulnerability exists in matrix-media-repo that stems from the fact that if Matrix Media Repo has SVG or JPEGXL thumbnails enabled, a user can upload files claiming to be o...
Matrix 安全漏洞
Matrix is a new ecosystem of Matrix open source for open federated instant messaging and VoIP. A security vulnerability exists in Matrix that stems from uncontrolled disk consumption, resulting in a denial of service...
gomatrixserverlib 代码问题漏洞
gomatrixserverlib is a Go library from the Matrix Foundation. It is used for common functions required by Matrix servers. A code issue vulnerability exists in Gomatrixserverlib that stems from vulnerability to server-side request forgery attacks...
Matrix 授权问题漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix suffers from an authorization issue vulnerability that stems from allowing a remote participant to trigger the download and caching of remote media from a remote home server to a local media repository...
matrix-media-repo 代码问题漏洞
matrix-media-repo is a highly configurable multi-domain media repository for Matrix open source by t2bot.io. A code issue vulnerability exists in matrix-media-repo versions prior to v1.3.8 that stems from vulnerability to a server-side request forgery attack that, under certain conditions, serves...
matrix-media-repo 安全漏洞
matrix-media-repo is a highly configurable multi-domain media repository for Matrix open-sourced by t2bot.io. A security vulnerability exists in matrix-media-repo versions prior to v1.3.8, which stems from requests made to other servers during normal operation. These resource owners can return...
PT-2025-2933 · Unknown +1 · Matrix Media Repo +1
Name of the Vulnerable Software and Affected Versions: Matrix Media Repo MMR versions prior to 1.3.8 Description: Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This issue allows MMR to serve...