MAL-2024-7965 Malicious code in iva-react-web-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94e079d8c7b731da869ff846e164d4a9c87faed0108d764e4048bde129a25f17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in uitk-react-experimental-button-tabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74d35a0704d9415d237418973ea82b6c991e02af5b2381fc696268805ff39a30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in uitk-react-date-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6ee4dca1959ae6d3b5effe21716f2df3684ac2456897446d0b0706dd26265d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7999 Malicious code in uitk-react-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea103fb47eaf7b83ad10f5bbba8f4806de1cf066e8fce87deef49cdb0526a7bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in uitk-react-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea103fb47eaf7b83ad10f5bbba8f4806de1cf066e8fce87deef49cdb0526a7bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7982 Malicious code in react-hook-form-7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7657179ab2d7f76638491093d7c970bd9685b7228d96bf1014ee8ea15606c45a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8000 Malicious code in uitk-react-date-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6ee4dca1959ae6d3b5effe21716f2df3684ac2456897446d0b0706dd26265d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-hook-form-7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7657179ab2d7f76638491093d7c970bd9685b7228d96bf1014ee8ea15606c45a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in uitk-react-scrollable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15932e6247991a719ff0f98bbb3b9d13ffa6458ac4bce5835a7a691f8b52a6e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8001 Malicious code in uitk-react-experimental-button-tabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74d35a0704d9415d237418973ea82b6c991e02af5b2381fc696268805ff39a30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8002 Malicious code in uitk-react-scrollable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15932e6247991a719ff0f98bbb3b9d13ffa6458ac4bce5835a7a691f8b52a6e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7981 Malicious code in react-bs4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78bc438299611b89dd8a16ca1b19661e9606898bbc7c61bebd4bfd59fe8c3134 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-bs4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78bc438299611b89dd8a16ca1b19661e9606898bbc7c61bebd4bfd59fe8c3134 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Information Disclosure

matrix-react-sdk is vulnerable to Information Disclosure. The vulnerability is due to a malicious homeserver manipulating a user's account data to enable URL previews in encrypted rooms, causing any URLs in encrypted messages to be sent to the server. Attackers can use this to intercept URLs in...

CVE-2024-42347

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

CVE-2024-42347

Affects matrix-react-sdk (Matrix web client component). A malicious homeserver could manipulate a user’s account data to enable URL previews in end-to-end encrypted rooms, causing URLs from encrypted messages to be sent to the server. This is mitigated by upgrading to matrix-react-sdk version 3.1...

CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

Malicious code in @taxify/react-api-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6 The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...

MAL-2024-7902 Malicious code in @taxify/react-api-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6 The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...