CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVE-2024-42369

CVE-2024-42369 affects the matrix-js-sdk (JavaScript) where a malicious homeserver can craft a room structure whose predecessors form a cycle. This makes getRoomUpgradeHistory() recursively traverse and hang, and since this method is public and invoked by leaveRoomChain(), leaving a room can trig...

matrix-js-sdk 安全漏洞

matrix-js-sdk is an application component of Matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 34.2.0, which stems from a malicious home server that can craft a room or room structure so that the predecessor forms a loop, and the getRoomUpgradeHistory function...

CVE-2018-17201

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan incubating was renamed to Apache Commons Imaging...

CVE-2018-17201

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan incubating was renamed to Apache Commons Imaging...