CVE-2024-39691
CVE-2024-39691 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. Before version 2.0.1, the bridge used the Matrix homeserver-provided timestamp (origin_server_ts) to decide if a user could see the event being replied to. A malicious homeserver could fabricate this timestamp, causing...