
15 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1248

Malware in sbrugna...

CVSS 6.5 | AI score 5.4 | EPSS 0.00936
Exploits: 0 | References: 7
Cvelist
added 2025/09/16 4:37 p.m., 6 views

CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVSS 6.9 | EPSS 0.00227
Exploits: 0 | References: 2
CVE
added 2025/09/16 4:37 p.m., 24 views

CVE-2025-59160

The CVE-2025-59160 entry concerns the Matrix JavaScript SDK (matrix-js-sdk) prior to version 38.2.0, where MatrixClient::getJoinedRooms performs insufficient validation of room predecessor links. This can allow a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-s...

CVSS 6.9 | AI score 6.5 | EPSS 0.00227
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 9:18 p.m., 7 views

CVE-2021-32659

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...

CVSS 6.5 | AI score 6.7 | EPSS 0.00936
Exploits: 0 | References: 1
SUSE CVE
added 2024/08/28 2:26 a.m., 2 views

SUSE CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVSS 5.3 | AI score 7.1 | EPSS 0.00455
Exploits: 0 | References: 2
OSV
added 2024/08/20 3:15 p.m., 1 view

UBUNTU-CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVSS 5.3 | AI score 5.8 | EPSS 0.00455
Exploits: 0 | References: 2
CNNVD
added 2024/08/20 12:00 a.m., 3 views

matrix-js-sdk security vulnerability

matrix-js-sdk is an application component of Matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 34.2.0, which stems from a malicious home server that can craft a room or room structure so that the predecessor forms a loop, and the getRoomUpgradeHistory function...

CVSS 5.3 | AI score 6.6 | EPSS 0.00455
Exploits: 0 | References: 3
ArchLinux
added 2021/06/22 12:00 a.m., 188 views

[ASA-202106-51] matrix-appservice-irc: insufficient validation

Arch Linux Security Advisory ASA-202106-51. Severity: Medium. Date: 2021-06-22. CVE-ID: CVE-2021-32659. Package: matrix-appservice-irc. Type: insufficient validation. Remote: Yes. Link: https://security.archlinux.org/AVG-2076. Summary: The package...

CVSS 6.5 | AI score 1.1 | EPSS 0.00936
Exploits: 0 | References: 6
Github Security Blog
added 2021/06/21 5:09 p.m., 45 views

Automatic room upgrade handling can be used maliciously to bridge a room non-consentually

Impact: If a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create...

CVSS 6.5 | AI score 0.6 | EPSS 0.00936
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2021/06/21 5:09 p.m., 19 views

GHSA-35G4-QX3C-VJHX Automatic room upgrade handling can be used maliciously to bridge a room non-consentually

Impact: If a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create...

CVSS 6.5 | AI score 5.5 | EPSS 0.00936
Exploits: 0 | References: 5
NVD
added 2021/06/16 7:15 p.m., 10 views

CVE-2021-32659

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...

CVSS 6.5 | EPSS 0.00936
Exploits: 0 | References: 3
OSV
added 2021/06/16 7:15 p.m., 12 views

CVE-2021-32659

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...

CVSS 4.9 | AI score 6.7
Exploits: 0 | References: 3
CVE
added 2021/06/16 6:45 p.m., 70 views

CVE-2021-32659

CVE-2021-32659 affects matrix-appservice-bridge (versions 2.6.0 and earlier). When room upgrade handling is enabled via roomUpgradeOpts, an m.room.tombstone event can unbridge the current room and bridge into a target room without verifying the predecessor in the target m.room.create, enabling a ...

CVSS 6.5 | AI score 5.1 | EPSS 0.00936
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2021/06/16 6:45 p.m., 15 views

CVE-2021-32659 Automatic room upgrade handling can be used maliciously to bridge a room non-consentually

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...

CVSS 6.5 | AI score 6.6 | EPSS 0.00936
Exploits: 0 | References: 3
CNNVD
added 2021/06/16 12:00 a.m., 4 views

Matrix-appservice-bridge access control error vulnerability

Matrix-appservice-bridge is an open source service. It is used for bridging application services for the Matrix communication program. A security vulnerability exists in Matrix-appservice-bridge, which stems from the fact that in version 2.6.0 and earlier, if the bridge is configured with room...

CVSS 6.5 | AI score 5.9 | EPSS 0.00936
Exploits: 0 | References: 3