4915 matches found
Malicious code in uitk-react-date-selector (npm)
Source: ghsa-malware de6ee4dca1959ae6d3b5effe21716f2df3684ac2456897446d0b0706dd26265d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uitk-react-experimental-button-tabs (npm)
Source: ghsa-malware 74d35a0704d9415d237418973ea82b6c991e02af5b2381fc696268805ff39a30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-hook-form-7 (npm)
Source: ghsa-malware 7657179ab2d7f76638491093d7c970bd9685b7228d96bf1014ee8ea15606c45a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8000 Malicious code in uitk-react-date-selector (npm)
Source: ghsa-malware de6ee4dca1959ae6d3b5effe21716f2df3684ac2456897446d0b0706dd26265d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8002 Malicious code in uitk-react-scrollable (npm)
Source: ghsa-malware 15932e6247991a719ff0f98bbb3b9d13ffa6458ac4bce5835a7a691f8b52a6e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7982 Malicious code in react-hook-form-7 (npm)
Source: ghsa-malware 7657179ab2d7f76638491093d7c970bd9685b7228d96bf1014ee8ea15606c45a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7999 Malicious code in uitk-react-calendar (npm)
Source: ghsa-malware ea103fb47eaf7b83ad10f5bbba8f4806de1cf066e8fce87deef49cdb0526a7bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-bs4 (npm)
Source: ghsa-malware 78bc438299611b89dd8a16ca1b19661e9606898bbc7c61bebd4bfd59fe8c3134 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7981 Malicious code in react-bs4 (npm)
Source: ghsa-malware 78bc438299611b89dd8a16ca1b19661e9606898bbc7c61bebd4bfd59fe8c3134 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Information Disclosure
matrix-react-sdk is vulnerable to Information Disclosure. The vulnerability is due to a malicious homeserver manipulating a user's account data to enable URL previews in encrypted rooms, causing any URLs in encrypted messages to be sent to the server. Attackers can use this to intercept URLs in...
CVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
CVE-2024-42347
Affects matrix-react-sdk (Matrix web client component). A malicious homeserver could manipulate a user’s account data to enable URL previews in end-to-end encrypted rooms, causing URLs from encrypted messages to be sent to the server. This is mitigated by upgrading to matrix-react-sdk version 3.1...
MAL-2024-7902 Malicious code in @taxify/react-api-gateway (npm)
Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6 The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in @taxify/react-api-gateway (npm)
Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6 The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in @taxify/eslint-config-react-native (npm)
Source: ossf-package-analysis 5cff605dafce45695b36c5a3ca744b5187bab414e45e390d8e4ac966f6088573 The OpenSSF Package Analysis project identified '@taxify/eslint-config-react-native' @ 9.999.0 npm as malicious. It is considered malicious...
MAL-2024-7898 Malicious code in @taxify/eslint-config-react-native (npm)
Source: ossf-package-analysis 5cff605dafce45695b36c5a3ca744b5187bab414e45e390d8e4ac966f6088573 The OpenSSF Package Analysis project identified '@taxify/eslint-config-react-native' @ 9.999.0 npm as malicious. It is considered malicious...
matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2024-42347 via matrix-react-sdk (>=0.0.1 <=0.2.0)
matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2024-42347 Source advisory: OSV:GHSA-F83W-WQHC-CFP4...
GHSA-F83W-WQHC-CFP4 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...