GHSA-5MVM-89C9-9GM5 Matrix IRC Bridge allows IRC command injection to own puppeted user

Impact The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches The vulnerability has been patched in matrix-appservice-irc...

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

CVE-2023-38690 matrix-appservice-irc IRC command injection via admin commands containing newlines

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0....

IRCCloud: Unvalidated Channel names causes IRC Command Injection

IRCCloud does not validate the channel names created by a user causing it to be parsed as an IRC command such as QUIT. This means the user can have their clients force-closed by a malicious channel name. This could also lead to other command injections such as forcing the handover of channels to...