CVE-2024-39691

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...

EUVD-2022-7327

Malicious code in bioql PyPI...

EUVD-2023-2196

Malicious code in bioql PyPI...

CVE-2024-52505

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

CVE-2023-38700

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, se...

CVE-2022-3971

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

CVE-2022-39202

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

Arbitrary IRC Command Execution

matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...

CVE-2025-27146

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVE-2025-27146

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVE-2025-27146

Summary (CVE-2025-27146): The Matrix-based bridge matrix-appservice-irc (Node.js) up to version 3.0.3 contains a vulnerability that allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user. The issue is resolved in version 3.0.4. Multiple connected sources corrob...

CVE-2022-29166

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain fro...

CVE-2022-39203

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

matrix-appservice-irc 安全漏洞

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc versions prior to 3.0.3. An attacker can exploit this vulnerability to execute arbitrary IRC commands...

PT-2024-35345 · Unknown · Matrix-Appservice-Irc

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions 3.0.2 and earlier Description: The provisioning API of the matrix-appservice-irc bridge contains a vulnerability that can lead to arbitrary IRC command execution as the bridge IRC bot. This issue is related to...

GHSA-W9MH-5X8J-9754 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to

Impact The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when determining whether or not to include a truncated version of the original...

PT-2024-28630 · Unknown · Matrix-Appservice-Irc

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 2.0.1 Description: The issue arises from the reliance on the Matrix homeserver-provided timestamp to determine user access to events. A malicious Matrix homeserver can fabricate this timestamp to trick...