Lucene search
+L

78 matches found

vulnersOsv
vulnersOsv
added 2023/04/25 7:48 p.m.6 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-30609 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-30609 Source advisory: OSV:GHSA-XV83-X443-7RMW...

5.4CVSS6AI score0.00617EPSS
Exploits0
Veracode
Veracode
added 2023/04/04 3:46 a.m.23 views

Prototype Pollution

matrix-react-sdk is vulnerable to Prototype Pollution. The vulnerability exists because, in certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype which may lead to an application crash...

8.2CVSS7.8AI score0.00712EPSS
Exploits0References3Affected Software2
vulnersOsv
vulnersOsv
added 2023/03/29 7:34 p.m.4 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-28103 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-28103 Source advisory: OSV:GHSA-6G43-88CP-W5GV...

8.2CVSS7.2AI score0.00712EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/29 7:34 p.m.38 views

Prototype pollution in matrix-react-sdk

Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...

8.2CVSS5.6AI score0.00712EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/03/28 9:15 p.m.53 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

8.2CVSS8.1AI score0.00906EPSS
Exploits0References1
Prion
Prion
added 2023/03/28 9:15 p.m.16 views

Design/Logic Flaw

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

5CVSS5.5AI score0.00906EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/28 8:37 p.m.54 views

CVE-2022-36060 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

8.2CVSS8.3AI score0.00906EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/28 8:37 p.m.11 views

CVE-2022-36060 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

8.2CVSS8.1AI score0.00906EPSS
Exploits0References1
CVE
CVE
added 2023/03/28 8:37 p.m.115 views

CVE-2022-36060

CVE-2022-36060 concerns prototype pollution in matrix-react-sdk. Connected sources describe that, in certain configurations, specially crafted strings in data sent to the SDK could modify Object.prototype, disrupting normal rendering of rooms/events and potentially causing denial of service or lo...

8.2CVSS5.9AI score0.00906EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/28 8:37 p.m.37 views

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

8.2CVSS8.1AI score0.00712EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/28 8:37 p.m.7 views

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

8.2CVSS7.9AI score0.00712EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/03/28 7:57 p.m.7 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2022-36060 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2022-36060 Source advisory: OSV:GHSA-2X9C-QWGF-94XR...

8.2CVSS6.6AI score0.00906EPSS
Exploits0
OSV
OSV
added 2023/03/28 7:57 p.m.30 views

GHSA-2X9C-QWGF-94XR matrix-react-sdk Prototype pollution vulnerability

Impact Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. Patches...

7.2CVSS6.2AI score0.00906EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.7 views

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into web pages. A security vulnerability exists in matrix-react-sdk versions prior to 3.53.0, which stems from an event sent using a special string in a critical location...

8.2CVSS6.6AI score0.00906EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.6 views

PT-2023-13454 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.53.0 Description: Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remaind...

8.2CVSS5.9AI score0.00906EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.5 views

PT-2023-21561 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.69.0 Description: The issue arises when data sent by remote servers contains special strings in key locations, potentially modifying the Object.prototype and disrupting the functionality of matrix-react-sd...

8.2CVSS7.8AI score0.00712EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.6 views

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into a web page. A security vulnerability exists in matrix-react-sdk, which originates from data sent from a remote server that could result in some functionality being...

8.2CVSS7.7AI score0.00712EPSS
Exploits0References3
Veracode
Veracode
added 2022/09/03 12:36 p.m.29 views

Prototype Pollution

matrix-react-sdk is vulnerable to Denial Of Service DoS. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede the EventTileFactory, which allows an attacker to cause a room or event tile crash...

8.2CVSS5.7AI score0.00906EPSS
Exploits0References4Affected Software2
vulnersOsv
vulnersOsv
added 2022/02/10 11:46 p.m.5 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-32622 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-32622 Source advisory: OSV:GHSA-CG57-P69R-3M7P...

7.8CVSS7.1AI score0.00373EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/10 11:46 p.m.45 views

Improper file handling in matrix-react-sdk

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

7.8CVSS2.2AI score0.00373EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder