7 matches found
CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
Linux Distros Unpatched Vulnerability : CVE-2024-42369
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the...
@airgap/beacon-sdk (>=0.0.1 <=0.0.3-beta.9), @altispeed/rn-matrix-core (>=0.0.34 <=0.0.36) +56 more potentially affected by CVE-2024-42369 via matrix-js-sdk (>=0.0.4 <=34.3.0)
matrix-js-sdk NPM version =0.0.4, =0.0.1, =0.0.34, =1.3.0, =1.0.0, =2.0.0, =2.0.0-alpha.3, =2.0.0-alpha.1, =1.4.1, =0.0.1, =0.0.0-development, =0.1.0, =0.17.0, =4.0.1, =0.3.1, =0.8.0 and more Source cves: CVE-2024-42369 Source advisory: OSV:GHSA-VHR5-G3PM-49FM...
CVE-2024-42369 A room with itself as a its predecessor will freeze matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369
CVE-2024-42369 affects the matrix-js-sdk (JavaScript) where a malicious homeserver can craft a room structure whose predecessors form a cycle. This makes getRoomUpgradeHistory() recursively traverse and hang, and since this method is public and invoked by leaveRoomChain(), leaving a room can trig...
CVE-2024-42369 A room with itself as a its predecessor will freeze matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...