Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-3335

Malicious code in bioql PyPI...

5.3CVSS9.1AI score0.00835EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 6:29 a.m.9 views

CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS6.6AI score0.00835EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/13 12:0 a.m.11 views

FreeBSD : Matrix clients -- mxc uri validation in js sdk (574f7bc9-a141-11ef-84e9-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 574f7bc9-a141-11ef-84e9-901b0e9408dc advisory. matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversa...

5.3CVSS8.5AI score0.00835EPSS
Exploits0References3
OSV
OSV
added 2024/11/12 7:54 p.m.14 views

GHSA-XVG8-M4X3-W6XR matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Details The Matrix specification demands...

5.3CVSS8.9AI score0.00835EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/11/12 7:54 p.m.21 views

matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Details The Matrix specification demands...

5.3CVSS8.9AI score0.00835EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/11/12 4:38 p.m.43 views

CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS0.00835EPSS
Exploits0References2
CVE
CVE
added 2024/11/12 4:38 p.m.135 views

CVE-2024-50336

CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...

5.3CVSS6.5AI score0.00835EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.1 views

PT-2024-34149

Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 34.11.0 Description: The issue concerns a client-side path traversal vulnerability via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated G...

9.8CVSS7.5AI score0.32568EPSS
Exploits6References227
FreeBSD
FreeBSD
added 2024/11/12 12:0 a.m.11 views

Matrix clients -- mxc uri validation in js sdk

matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver...

5.3CVSS6.9AI score0.00835EPSS
Exploits0References1
Rows per page
Query Builder