Lucene search: MatrixJavascript Sdk

10 matches found

CVE
added 2023/03/28 8:32 p.m. | 136 views

CVE-2023-28427

CVE-2023-28427 affects matrix-js-sdk (Node/JS Matrix client) prior to 24.0.0. Root cause cited as prototype pollution; impact described as disruption or corruption of runtime data, potentially affecting data processing. Patch is to upgrade to matrix-js-sdk 24.0.0; no public workarounds documented...

CVSS 8.2 | AI score 8.3 | EPSS 0.00602

CVE
added 2022/09/29 12:0 a.m. | 131 views

CVE-2022-39250

CVE-2022-39250 corresponds to a vulnerability in the Matrix JavaScript SDK (matrix-js-sdk) prior to version 19.7.0. The issue arises from checking and signing user identities and devices in two separate steps, and not consistently fixing the signing key between steps, enabling a malicious homeser...

CVSS 8.6 | AI score 8 | EPSS 0.00294

CVE
added 2021/12/14 1:26 p.m. | 130 views

CVE-2021-44538

CVE-2021-44538: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object state is partially controllable by the remote party; crafted messages can manipulate the receiver’s session so that, for some buffer sizes, a buffer overflow ...

CVSS 9.8 | AI score 9.4 | EPSS 0.0238

CVE
added 2023/03/28 8:32 p.m. | 129 views

CVE-2022-36059

CVE-2022-36059 affects the matrix-js-sdk (Matrix JavaScript client) in versions before 19.4.0, where events containing special strings in key places can temporarily disrupt the SDK’s operation and may corrupt runtime data presented to the consumer. The issue is fixed in matrix-js-sdk 19.4.0; upgr...

CVSS 8.2 | AI score 6.7 | EPSS 0.00255

CVE
added 2022/09/28 12:0 a.m. | 126 views

CVE-2022-39249

CVE-2022-39249 affects the Matrix Javascript SDK (matrix-js-sdk) prior to 19.7.0. A malicious homeserver can coordinate to craft messages that appear from another user due to a permissive key-forwarding policy. Starting with 19.7.0, the default policy was tightened to only accept forwarded keys i...

CVSS 7.5 | AI score 7.9 | EPSS 0.00477

CVE
added 2022/09/28 12:0 a.m. | 120 views

CVE-2022-39251

The CVE-2022-39251 vulnerability affects the Matrix Javascript SDK (matrix-js-sdk) prior to version 19.7.0. It stems from a protocol confusion bug that allowed to‑device messages encrypted with Megolm to be accepted as Olm, enabling an attacker coordinating with a malicious homeserver to craft me...

CVSS 8.6 | AI score 8 | EPSS 0.00278

CVE
added 2022/09/28 12:0 a.m. | 111 views

CVE-2022-39236

CVE-2022-39236 affects the Matrix JavaScript SDK (matrix-js-sdk). Starting with version 17.1.0-rc.1, improperly formed beacon events (MSC3488) can disrupt or impede the matrix-js-sdk’s operation, potentially preventing safe data processing. The SDK may appear functional while excluding or corrupt...

CVSS 5.3 | AI score 6.2 | EPSS 0.00584

CVE
added 2021/09/13 6:45 p.m. | 98 views

CVE-2021-40823

CVE-2021-40823 affects matrix-js-sdk and related Element client variants. A logic error in the room key sharing functionality prior to version 12.4.1 allows a malicious Matrix homeserver participating in an encrypted room to steal room encryption keys originally sent by affected clients, enabling...

CVSS 5.9 | AI score 5.4 | EPSS 0.00162

CVE
added 2023/04/14 6:21 p.m. | 54 views

CVE-2023-29529

Summary: CVE-2023-29529 affects matrix-js-sdk (Matrix Client-Server SDK for JavaScript/TypeScript) and describes a group-call eavesdropping vulnerability. The issue arises because the group call implementation accepts incoming direct calls from other users during an MSC3401 group call, even if th...

CVSS 5.3 | AI score 4.9 | EPSS 0.00184

CVE
added 2024/08/20 2:37 p.m. | 54 views

CVE-2024-42369

CVE-2024-42369 affects the matrix-js-sdk (JavaScript) where a malicious homeserver can craft a room structure whose predecessors form a cycle. This makes getRoomUpgradeHistory() recursively traverse and hang, and since this method is public and invoked by leaveRoomChain(), leaving a room can trig...

CVSS 5.3 | AI score 4.5 | EPSS 0.00205