Lucene search
K

91 matches found

OSV
OSV
added 2025/01/02 12:14 a.m.7 views

MAL-2025-3 Malicious code in safe-apps-react-sdk (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4844f797621f2cd62b20851643278b7d27cfc2ca46fdd1485383cd7818d5c0a8 Any computer that has this package install...

7AI score
Exploits0References3
Cvelist
Cvelist
added 2024/11/12 4:34 p.m.23 views

CVE-2024-51750 Element allows a malicious homeserver can modify events leading to unrenderable events or rooms

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...

5CVSS0.00476EPSS
Exploits0References2
CVE
CVE
added 2024/11/12 4:34 p.m.47 views

CVE-2024-51750

CVE-2024-51750 affects Element Web/Desktop prior to version 1.11.85. A malicious homeserver can send invalid messages over federation, which can prevent rendering of single messages or the entire room containing them. The issue is documented across multiple feeds, with remediation implemented in ...

5CVSS5.1AI score0.00476EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 4:34 p.m.15 views

CVE-2024-51750 Element allows a malicious homeserver can modify events leading to unrenderable events or rooms

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...

5CVSS6.9AI score0.00476EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/12 4:34 p.m.17 views

CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS0.0033EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/12 4:34 p.m.20 views

CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS7.2AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 4:34 p.m.13 views

CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS6.6AI score0.0033EPSS
Exploits0References4
Veracode
Veracode
added 2024/10/23 6:24 a.m.5 views

Key Injection

matrix-react-sdk is vulnerable to Key Injection. The vulnerability is due to the SDK sharing historical message keys on invite, allowing a malicious homeserver to inject a malicious device and steal message keys when a user invites another user to a room...

8.7CVSS6.6AI score0.0066EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/10/15 6:11 p.m.8 views

GHSA-QCVH-P9JQ-WP8V Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room

Impact matrix-react-sdk before 3.102.0 allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared...

8.7CVSS6.2AI score0.0066EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/10/15 6:11 p.m.20 views

Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room

Impact matrix-react-sdk before 3.102.0 allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared...

8.7CVSS6.5AI score0.0066EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/15 3:40 p.m.21 views

CVE-2024-47824 Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room

matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...

8.7CVSS7.1AI score0.0066EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/15 3:40 p.m.21 views

CVE-2024-47824 Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room

matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...

8.7CVSS0.0066EPSS
Exploits0References3
OSV
OSV
added 2024/10/15 3:40 p.m.13 views

CVE-2024-47824 Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room

matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...

8.7CVSS6.9AI score0.0066EPSS
Exploits0References5
CVE
CVE
added 2024/10/15 3:40 p.m.56 views

CVE-2024-47824

Summary: CVE-2024-47824 affects matrix-react-sdk. Versions 3.18.0 through

8.7CVSS7.1AI score0.0066EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.4 views

matrix-react-sdk 信息泄露漏洞

matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. An information disclosure vulnerability exists in matrix-react-sdk, which stems from the fact that matrix-react-sdk shares a history message key at invite time...

8.7CVSS6AI score0.0066EPSS
Exploits0References4
Veracode
Veracode
added 2024/08/07 4:32 a.m.29 views

Information Disclosure

matrix-react-sdk is vulnerable to Information Disclosure. The vulnerability is due to a malicious homeserver manipulating a user's account data to enable URL previews in encrypted rooms, causing any URLs in encrypted messages to be sent to the server. Attackers can use this to intercept URLs in...

7.7CVSS6.8AI score0.00427EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/06 5:16 p.m.17 views

CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

7.7CVSS6.7AI score0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/06 5:16 p.m.44 views

CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

7.7CVSS0.00427EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/08/06 2:12 p.m.7 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2024-42347 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2024-42347 Source advisory: OSV:GHSA-F83W-WQHC-CFP4...

7.7CVSS5.8AI score0.00427EPSS
Exploits0
OSV
OSV
added 2024/08/06 2:12 p.m.38 views

GHSA-F83W-WQHC-CFP4 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver

Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...

5.1CVSS6.6AI score0.00427EPSS
Exploits0References4
Rows per page
Query Builder