13 matches found
CVE-2023-43656
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
CVE-2025-23197 matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service DoS whereby it can crash on restart due...
CVE-2025-23197 matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service DoS whereby it can crash on restart due...
CVE-2025-23197
CVE-2025-23197 affects matrix-hookshot, a Matrix bot that bridges to services like GitHub. Vulnerable are Hookshot 6 <= 6.0.1 and Hookshot 5
Matrix Hookshot 代码问题漏洞
Matrix Hookshot is a Matrix open source bridge between Matrix and multiple project management services. A code issue vulnerability exists in Matrix Hookshot 6.0.1 and prior versions, which stems from a denial of service vulnerability that causes a crash on restart due to a missing check...
CVE-2023-43656
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
Design/Logic Flaw
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
CVE-2023-43656
CVE-2023-43656 affects matrix-hookshot. When transformation functions are enabled (generic.allowJsTransformationFunctions), an attacker could break out of the vm2 sandbox, making Hookshot vulnerable. This primarily concerns instances where untrusted users can apply their own transformation functi...
CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
CVE-2023-43656 Sandbox escape for instances that have enabled transformation functions in matrix-hookshot
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
PT-2023-28902 · Github +2 · Github +2
Name of the Vulnerable Software and Affected Versions: matrix-hookshot versions prior to 4.5.0 Description: The issue affects matrix-hookshot, a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances with enabled transformation functions, specifically those...
matrix-hookshot injection vulnerability
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. An injection vulnerability exists in matrix-hookshot 4.5.0 and prior versions, which can be exploited to break out of the vm2 sandbox in instances where conversion functions are enabled...