matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-30609 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-30609 Source advisory: OSV:GHSA-XV83-X443-7RMW...

Prototype Pollution

matrix-react-sdk is vulnerable to Prototype Pollution. The vulnerability exists because, in certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype which may lead to an application crash...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-28103 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-28103 Source advisory: OSV:GHSA-6G43-88CP-W5GV...

Prototype pollution in matrix-react-sdk

Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

Design/Logic Flaw

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2022-36060 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2022-36060

CVE-2022-36060 concerns prototype pollution in matrix-react-sdk. Connected sources describe that, in certain configurations, specially crafted strings in data sent to the SDK could modify Object.prototype, disrupting normal rendering of rooms/events and potentially causing denial of service or lo...

CVE-2022-36060 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

GHSA-2X9C-QWGF-94XR matrix-react-sdk Prototype pollution vulnerability

Impact Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. Patches...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2022-36060 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2022-36060 Source advisory: OSV:GHSA-2X9C-QWGF-94XR...

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into a web page. A security vulnerability exists in matrix-react-sdk, which originates from data sent from a remote server that could result in some functionality being...

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into web pages. A security vulnerability exists in matrix-react-sdk versions prior to 3.53.0, which stems from an event sent using a special string in a critical location...

PT-2023-13454 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.53.0 Description: Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remaind...

PT-2023-21561 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.69.0 Description: The issue arises when data sent by remote servers contains special strings in key locations, potentially modifying the Object.prototype and disrupting the functionality of matrix-react-sd...

Prototype Pollution

matrix-react-sdk is vulnerable to Denial Of Service DoS. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede the EventTileFactory, which allows an attacker to cause a room or event tile crash...

GHSA-CG57-P69R-3M7P Improper file handling in matrix-react-sdk

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-32622 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-32622 Source advisory: OSV:GHSA-CG57-P69R-3M7P...