Lucene search
+L

5 matches found

NVD
NVD
added 2023/09/27 9:15 p.m.36 views

CVE-2023-43656

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...

9CVSS6.4AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/27 8:38 p.m.24 views

CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...

5.6CVSS6.7AI score0.00283EPSS
Exploits0References2
CVE
CVE
added 2023/09/27 8:38 p.m.61 views

CVE-2023-43656

CVE-2023-43656 affects matrix-hookshot. When transformation functions are enabled (generic.allowJsTransformationFunctions), an attacker could break out of the vm2 sandbox, making Hookshot vulnerable. This primarily concerns instances where untrusted users can apply their own transformation functi...

9CVSS7.3AI score0.00283EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/27 8:38 p.m.35 views

CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...

5.6CVSS9.2AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2023/09/27 8:38 p.m.31 views

CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...

5.6CVSS8.7AI score0.00283EPSS
Exploits0References4
Rows per page
Query Builder