CVE-2023-30609 matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...

CVE-2023-30609

The CVE-2023-30609 issue affects matrix-react-sdk prior to version 3.71.0, where plain text messages containing HTML tags rendered in search results are treated as HTML. Exploitation requires tricking a user into searching for a specific message containing an HTML payload; the vulnerability is mi...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-30609 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-30609 Source advisory: OSV:GHSA-XV83-X443-7RMW...

Prototype Pollution

matrix-react-sdk is vulnerable to Prototype Pollution. The vulnerability exists because, in certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype which may lead to an application crash...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-28103 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-28103 Source advisory: OSV:GHSA-6G43-88CP-W5GV...

Prototype pollution in matrix-react-sdk

Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

Design/Logic Flaw

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2022-36060 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2022-36060 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2022-36060

CVE-2022-36060 concerns prototype pollution in matrix-react-sdk. Connected sources describe that, in certain configurations, specially crafted strings in data sent to the SDK could modify Object.prototype, disrupting normal rendering of rooms/events and potentially causing denial of service or lo...

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2022-36060 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2022-36060 Source advisory: OSV:GHSA-2X9C-QWGF-94XR...

GHSA-2X9C-QWGF-94XR matrix-react-sdk Prototype pollution vulnerability

Impact Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. Patches...

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into a web page. A security vulnerability exists in matrix-react-sdk, which originates from data sent from a remote server that could result in some functionality being...

PT-2023-21561 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.69.0 Description: The issue arises when data sent by remote servers contains special strings in key locations, potentially modifying the Object.prototype and disrupting the functionality of matrix-react-sd...

PT-2023-13454 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.53.0 Description: Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remaind...

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into web pages. A security vulnerability exists in matrix-react-sdk versions prior to 3.53.0, which stems from an event sent using a special string in a critical location...

Prototype Pollution

matrix-react-sdk is vulnerable to Denial Of Service DoS. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede the EventTileFactory, which allows an attacker to cause a room or event tile crash...