4 matches found
EUVD-2022-41773
Malicious code in bioql PyPI...
CVE-2023-38690
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0....
PT-2023-26556 · Unknown · Matrix-Appservice-Bridge
Name of the Vulnerable Software and Affected Versions:
matrix-appservice-bridge versions 4.0.0 through 8.1.1
matrix-appservice-bridge versions 9.0.0
Description: A malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the...
PT-2022-24803 · Node-Irc +1 · Node-Irc +1
Name of the Vulnerable Software and Affected Versions:
matrix-appservice-irc versions prior to 0.35.0
Description: The issue arises from a bug in the underlying matrix-org/node-irc library, causing matrix-appservice-irc to incorrectly parse multiple modes in a single mode command. This can...