35 matches found
EUVD-2023-1097
Malicious code in bioql PyPI...
EUVD-2024-1322
Malicious code in bioql PyPI...
EUVD-2024-2665
Malicious code in bioql PyPI...
EUVD-2024-3335
Malicious code in bioql PyPI...
EUVD-2023-1061
Malicious code in bioql PyPI...
PT-2025-37754
Name of the Vulnerable Software and Affected Versions The Matrix versions prior to 1.16 Description The Matrix specification has deficient state resolution when using a room version before 12 and State Resolution before 2.1. Recommendations Update to version 1.16 or later...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-52505
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
CVE-2024-52505
CVE-2024-52505 affects the matrix-appservice-irc Node.js IRC bridge. The provisioning API in versions up to 3.0.2 allowed arbitrary IRC command execution by the bridge bot, as described in multiple sources. A fix exists in version 3.0.3, which patches the vulnerability. No exploitation details ar...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336
CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...
CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369 A room with itself as a its predecessor will freeze matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369
CVE-2024-42369 affects the matrix-js-sdk (JavaScript) where a malicious homeserver can craft a room structure whose predecessors form a cycle. This makes getRoomUpgradeHistory() recursively traverse and hang, and since this method is public and invoked by leaveRoomChain(), leaving a room can trig...
CVE-2024-39691
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...