9 matches found
EUVD-2024-3335
Malicious code in bioql PyPI...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
FreeBSD : Matrix clients -- mxc uri validation in js sdk (574f7bc9-a141-11ef-84e9-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 574f7bc9-a141-11ef-84e9-901b0e9408dc advisory. matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversa...
GHSA-XVG8-M4X3-W6XR matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Details The Matrix specification demands...
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Details The Matrix specification demands...
CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336
CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...
PT-2024-34149
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 34.11.0 Description: The issue concerns a client-side path traversal vulnerability via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated G...
Matrix clients -- mxc uri validation in js sdk
matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver...