15 matches found
EUVD-2021-1248
Malware in sbrugna...
CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
CVE-2025-59160
The CVE-2025-59160 entry concerns the Matrix JavaScript SDK (matrix-js-sdk) prior to version 38.2.0, where MatrixClient::getJoinedRooms performs insufficient validation of room predecessor links. This can allow a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-s...
CVE-2021-32659
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
SUSE CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
UBUNTU-CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
matrix-js-sdk security vulnerability
matrix-js-sdk is an application component of Matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 34.2.0, which stems from a malicious home server that can craft a room or room structure so that the predecessor forms a loop, and the getRoomUpgradeHistory function...
[ASA-202106-51] matrix-appservice-irc: insufficient validation
Arch Linux Security Advisory ASA-202106-51 ========================================== Severity: Medium Date : 2021-06-22 CVE-ID : CVE-2021-32659 Package : matrix-appservice-irc Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-2076 Summary ======= The package...
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Impact: If a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create...
GHSA-35G4-QX3C-VJHX Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Impact: If a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create...
CVE-2021-32659
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
CVE-2021-32659
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
CVE-2021-32659
CVE-2021-32659 affects matrix-appservice-bridge (versions 2.6.0 and earlier). When room upgrade handling is enabled via roomUpgradeOpts, an m.room.tombstone event can unbridge the current room and bridge into a target room without verifying the predecessor in the target m.room.create, enabling a ...
CVE-2021-32659 Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
Matrix-appservice-bridge access control error vulnerability
Matrix-appservice-bridge is an open source service. It is used for bridging application services for the Matrix communication program. A security vulnerability exists in Matrix-appservice-bridge, which stems from the fact that in version 2.6.0 and earlier, if the bridge is configured with room...