5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.0005 Low
EPSS
Percentile
16.9%
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for
JavaScript. In versions prior to 19.4.0 events sent with special strings in
key places can temporarily disrupt or impede the matrix-js-sdk from
functioning properly, potentially impacting the consumer’s ability to
process data safely. Note that the matrix-js-sdk can appear to be operating
normally but be excluding or corrupting runtime data presented to the
consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are
advised to upgrade. Users unable to upgrade may mitigate this issue by
redacting applicable events, waiting for the sync processor to store data,
and restarting the client. Alternatively, redacting the applicable events
and clearing all storage will often fix most perceived issues. In some
cases, no workarounds are possible.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | node-matrix-js-sdk | < any | UNKNOWN |
ubuntu | 22.04 | noarch | node-matrix-js-sdk | < any | UNKNOWN |
ubuntu | 23.10 | noarch | node-matrix-js-sdk | < any | UNKNOWN |
ubuntu | 24.04 | noarch | node-matrix-js-sdk | < any | UNKNOWN |
ubuntu | 18.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.22.04.1 | UNKNOWN |
github.com/matrix-org/matrix-js-sdk/commit/8716c1ab9ba93659173b806097c46a2be115199f (v19.4.0)
launchpad.net/bugs/cve/CVE-2022-36059
matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0
nvd.nist.gov/vuln/detail/CVE-2022-36059
security-tracker.debian.org/tracker/CVE-2022-36059
ubuntu.com/security/notices/USN-5663-1
www.cve.org/CVERecord?id=CVE-2022-36059
www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-36059
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.0005 Low
EPSS
Percentile
16.9%