Lucene search
K

3631 matches found

Cvelist
Cvelist
added 2025/01/16 7:14 p.m.16 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5CVSS0.00552EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/01/16 7:14 p.m.6 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5CVSS5.4AI score0.00552EPSS
Exploits0References5
CVE
CVE
added 2025/01/16 7:14 p.m.74 views

CVE-2024-52602

CVE-2024-52602 affects Matrix Media Repo (MMR), a multi-homeserver media repository for Matrix. An SSRF (server-side request forgery) vulnerability could cause MMR to fetch and serve content from a private network accessible to the server under certain conditions. The issue is mitigated by upgrad...

5.3CVSS5AI score0.00552EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/01/16 7:14 p.m.4 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5CVSS6.7AI score0.00552EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/01/16 7:12 p.m.10 views

CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

5.3CVSS0.00728EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/16 7:12 p.m.5 views

CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

5.3CVSS5.6AI score0.00728EPSS
Exploits0References2
CVE
CVE
added 2025/01/16 7:12 p.m.65 views

CVE-2024-52791

CVE-2024-52791 affects Matrix Media Repo (MMR). The issue is memory exhaustion when MMR parses large JSON responses from other servers, potentially consuming all available memory. The advisory states this is fixed in MMR v1.3.8 and recommends upgrading. If upgrading isn’t possible, mitigation opt...

7.5CVSS5.3AI score0.00728EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/16 7:12 p.m.6 views

CVE-2024-52791 Denial of service through memory exhaustion in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

5.3CVSS6.8AI score0.00728EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/16 7:11 p.m.12 views

CVE-2024-56515 Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...

6.8CVSS0.00618EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/16 7:11 p.m.7 views

CVE-2024-56515 Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...

6.8CVSS7.1AI score0.00618EPSS
Exploits0References2
OSV
OSV
added 2025/01/16 7:11 p.m.3 views

CVE-2024-56515 Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...

6.8CVSS6.8AI score0.00618EPSS
Exploits0References4
CVE
CVE
added 2025/01/16 7:11 p.m.57 views

CVE-2024-56515

CVE-2024-56515 affects Matrix Media Repo (MMR). The issue arises when enabling SVG/JPEGXL/MP4 thumbnailers may allow a crafted upload to trigger a decoder in ImageMagick or ffmpeg, potentially leading to code execution in some environments. MMR v1.3.8 fixes the problem by validating media mimetyp...

6.8CVSS6.8AI score0.00618EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/16 6:57 p.m.18 views

CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...

4.3CVSS0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.4 views

matrix-media-repo 代码问题漏洞

matrix-media-repo is a highly configurable multi-domain media repository for Matrix in the t2bot.io open source. A code issue vulnerability exists in matrix-media-repo that stems from the fact that if Matrix Media Repo has SVG or JPEGXL thumbnails enabled, a user can upload files claiming to be o...

6.8CVSS6.9AI score0.00618EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.4 views

Matrix 安全漏洞

Matrix is a new ecosystem of Matrix open source for open federated instant messaging and VoIP. A security vulnerability exists in Matrix that stems from uncontrolled disk consumption, resulting in a denial of service...

7.5CVSS6.7AI score0.00675EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.8 views

gomatrixserverlib 代码问题漏洞

gomatrixserverlib is a Go library from the Matrix Foundation. It is used for common functions required by Matrix servers. A code issue vulnerability exists in Gomatrixserverlib that stems from vulnerability to server-side request forgery attacks...

4.3CVSS6.9AI score0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.4 views

Matrix 授权问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix suffers from an authorization issue vulnerability that stems from allowing a remote participant to trigger the download and caching of remote media from a remote home server to a local media repository...

5.3CVSS6.6AI score0.00529EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.3 views

matrix-media-repo 代码问题漏洞

matrix-media-repo is a highly configurable multi-domain media repository for Matrix open source by t2bot.io. A code issue vulnerability exists in matrix-media-repo versions prior to v1.3.8 that stems from vulnerability to a server-side request forgery attack that, under certain conditions, serves...

5.3CVSS6.9AI score0.00552EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.7 views

matrix-media-repo 安全漏洞

matrix-media-repo is a highly configurable multi-domain media repository for Matrix open-sourced by t2bot.io. A security vulnerability exists in matrix-media-repo versions prior to v1.3.8, which stems from requests made to other servers during normal operation. These resource owners can return...

7.5CVSS6.8AI score0.00728EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.8 views

PT-2025-2933 · Unknown +1 · Matrix Media Repo +1

Name of the Vulnerable Software and Affected Versions: Matrix Media Repo MMR versions prior to 1.3.8 Description: Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This issue allows MMR to serve...

8.9CVSS6.8AI score0.0104EPSS
Exploits2References94
Rows per page
Query Builder