5 matches found
continuwuity 安全漏洞
Continuwity is an open-source family server developed by Continuwity. There is a security vulnerability in Continuwity, which arises when users leave a room, join another room, or make a knock sound. In such cases, the victim’s server may sign any event provided by the remote server...
SUSE CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
GHSA-VHR5-G3PM-49FM matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Impact A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain' method, so...
UBUNTU-CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
PT-2024-29903 · Unknown +1 · Matrix-Js-Sdk +1
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 34.3.1 Description: A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The getRoomUpgradeHistory function will infinitely recurse in this case, causing the code t...