81 matches found
PT-2023-26555 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 1.0.1 Description: The issue allows an attacker to craft a command with newlines that would not be properly parsed, enabling them to pass a string of commands as a channel name, which would then be...
matrix-appservice-irc Information Disclosure Vulnerability
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. An information disclosure vulnerability exists in versions prior to matrix-appservice-irc 1.0.1, which stems from a vulnerability that allows an attacker to obtain informati...
Matrix matrix-appservice-irc Command Injection Vulnerability
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A command injection vulnerability exists in Matrix matrix-appservice-irc versions prior to 1.0.1, which stems from a vulnerability that allows an attacker to craft commands...
GHSA-FFWF-47X2-JPR8 Matrix-appservice-irc vulnerable to sql injection via roomIds argument
A vulnerability was found in matrix-appservice-irc up to 0.35.1. This vulnerability affects the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is...
CVE-2022-3971
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...
Sql injection
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...
CVE-2022-3971
Summary (CVE-2022-3971) : A SQL injection vulnerability exists in matrix-appservice-irc up to version 0.35.1, in an unknown portion of the code path that handles the argument roomIds within PgDataStore.ts . The issue is exploitable via untrusted input and is described as a critical risk in multip...
matrix-appservice-irc 安全漏洞
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc 0.35.1 and earlier versions, which stems from affected unknown code in the file src/datastore/postgres/PgDataStore.t...
PT-2022-24988 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions up to 0.35.1 Description: A critical issue affects the file src/datastore/postgres/PgDataStore.ts, where the manipulation of the roomIds argument leads to sql injection. Upgrading to version 0.36.0 addresses thi...
CVE-2022-3971 matrix-appservice-irc PgDataStore.ts sql injection
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...
CVE-2022-3971 matrix-appservice-irc PgDataStore.ts sql injection
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...
CVE-2022-3971 matrix-appservice-irc PgDataStore.ts sql injection
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...
GHSA-CQ7Q-5C67-W39W matrix-appservice-irc vulnerable to IRC mode parameter confusion
Impact IRC allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode command...
matrix-appservice-irc vulnerable to IRC mode parameter confusion
Impact IRC allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode command...
Parsing issue in matrix-org/node-irc leading to room takeovers
Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...
GHSA-XVQG-MV25-RWVW Parsing issue in matrix-org/node-irc leading to room takeovers
Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...
Privilege Escalation
matrix-appservice-irc is vulnerable to privilege escalation. The vulnerability exists in the DEFAULTCONFIG function in IrcServer.ts due to improper validation of user rights, allowing an attacker to elevate privileges...
CVE-2022-39202
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...
CVE-2022-39203
The CVE-2022-39203 entry concerns matrix-appservice-irc (Matrix’s Node.js IRC bridge). A crafted string can cause the bridge to merge an attacker-owned channel with an existing channel, enabling the attacker to grant themselves channel permissions. This has been fixed in matrix-appservice-irc ver...
CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...