CVE-2024-42347

Affects matrix-react-sdk (Matrix web client component). A malicious homeserver could manipulate a user’s account data to enable URL previews in end-to-end encrypted rooms, causing URLs from encrypted messages to be sent to the server. This is mitigated by upgrading to matrix-react-sdk version 3.1...