Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/09/18 4:40 p.m.4 views

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS6.6AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 8:18 p.m.5 views

GHSA-MP7C-M3RH-R56V matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches The issue has been patched and users should upgrade to...

6.9CVSS6.9AI score0.00227EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/09/16 8:18 p.m.8 views

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches The issue has been patched and users should upgrade to...

6.9CVSS6.9AI score0.00227EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/09/16 5:15 p.m.5 views

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS0.00227EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 5:15 p.m.3 views

DEBIAN-CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS5.5AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 5:15 p.m.3 views

UBUNTU-CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References4
CVE
CVE
added 2025/09/16 4:44 p.m.22 views

CVE-2025-59161

CVE-2025-59161 affects Element Web and Element Desktop prior to 1.11.112. The issue stems from insufficient validation of room predecessor links, which could allow a remote attacker to impermanently replace a room’s entry in the room list with an attacker-supplied room. The effect is described as...

6.9CVSS6.6AI score0.0038EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/16 4:37 p.m.1 views

CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS6.5AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 4:37 p.m.6 views

CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS6.5AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.17 views

PT-2025-38059

Name of the Vulnerable Software and Affected Versions: Element Web versions prior to 1.11.112 Element Desktop versions prior to 1.11.112 Description: Element Web and Element Desktop are susceptible to a room list manipulation issue due to insufficient validation of room predecessor links. A remot...

6.9CVSS6.3AI score0.0038EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-38058

Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 38.2.0 Description: The Matrix JavaScript SDK has insufficient validation of room predecessor links in the MatrixClient::getJoinedRooms function, potentially allowing a remote attacker to replace a tombstoned...

6.9CVSS6.5AI score0.00227EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2024/08/20 6:35 p.m.15 views

matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor

Impact A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain' method, so...

5.3CVSS6.9AI score0.00455EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder