7 matches found
CVE-2022-29166
CVE-2022-29166 affects matrix-appservice-irc (Node.js IRC bridge). The underlying issue in node-irc allows an attacker to make a Matrix user execute IRC commands by replying to a maliciously crafted message. A patch is available in matrix-appservice-irc 0.33.2. Guidance in disclosures urges not t...
CVE-2022-39203
The CVE-2022-39203 entry concerns matrix-appservice-irc (Matrix’s Node.js IRC bridge). A crafted string can cause the bridge to merge an attacker-owned channel with an existing channel, enabling the attacker to grant themselves channel permissions. This has been fixed in matrix-appservice-irc ver...
CVE-2025-27146
Summary (CVE-2025-27146): The Matrix-based bridge matrix-appservice-irc (Node.js) up to version 3.0.3 contains a vulnerability that allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user. The issue is resolved in version 3.0.4. Multiple connected sources corrob...
CVE-2023-38700
CVE-2023-38700 affects matrix-appservice-irc (Node.js IRC bridge for Matrix). Before version 1.0.1, an attacker could craft an event to leak part of a targeted message from another bridged room, requiring knowledge of an event ID. The issue is fixed in version 1.0.1n. As a workaround, deployments...
CVE-2022-3971
Summary (CVE-2022-3971) : A SQL injection vulnerability exists in matrix-appservice-irc up to version 0.35.1, in an unknown portion of the code path that handles the argument roomIds within PgDataStore.ts . The issue is exploitable via untrusted input and is described as a critical risk in multip...
CVE-2023-38690
CVE-2023-38690 affects matrix-appservice-irc (Node.js IRC bridge for Matrix). Before version 1.0.1, an attacker could craft a command containing newlines that would not be parsed correctly, allowing a string of commands to be passed as a channel name and executed by the IRC bridge bot. Affected v...
CVE-2022-39202
CVE-2022-39202 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. A bug in the underlying matrix-org/node-irc library can cause IRC mode commands with multiple modes to be parsed incorrectly, potentially granting privileges to the wrong user. Exploitation requires the attacker to tri...