10 matches found
CVE-2025-59160
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
GHSA-MP7C-M3RH-R56V matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches The issue has been patched and users should upgrade to...
Missing Authorization
Overview matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Missing Authorization via insufficient validation of room predecessor links in the getJoinedRooms function. An attacker can cause a user to join an attacker-controlled room by...
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches The issue has been patched and users should upgrade to...
DEBIAN-CVE-2025-59160
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
UBUNTU-CVE-2025-59160
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
CVE-2025-59161 In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left
Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...
CVE-2025-59161 In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left
Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...
PT-2025-38059
Name of the Vulnerable Software and Affected Versions: Element Web versions prior to 1.11.112 Element Desktop versions prior to 1.11.112 Description: Element Web and Element Desktop are susceptible to a room list manipulation issue due to insufficient validation of room predecessor links. A remot...
PT-2025-38058
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 38.2.0 Description: The Matrix JavaScript SDK has insufficient validation of room predecessor links in the MatrixClient::getJoinedRooms function, potentially allowing a remote attacker to replace a tombstoned...