2 matches found
SUSE CVE-2024-51750
Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...
CVE-2024-47779
CVE-2024-47779 affects Element Web (Matrix client) versions 1.11.70–1.11.80, where an issue in the non-shared codebase can expose access tokens to third parties under crafted conditions, with at least one vector identified via malicious widgets. The vulnerability is mitigated by upgrading to Elem...