5 matches found
CVE-2023-43656
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
CVE-2023-43656
CVE-2023-43656 affects matrix-hookshot. When transformation functions are enabled (generic.allowJsTransformationFunctions), an attacker could break out of the vm2 sandbox, making Hookshot vulnerable. This primarily concerns instances where untrusted users can apply their own transformation functi...
CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...