org.matrix.android:matrix-android-sdk2@1.3.7 vulnerabilities
-
latest version
1.6.10
-
latest non vulnerable version
-
first published
3 years ago
-
latest version published
4 months ago
-
licenses detected
- [0.0.2,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.matrix.android:matrix-android-sdk2 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.matrix.android:matrix-android-sdk2 is a Matrix SDK for Android, extracted from the Element Android application. Affected versions of this package are vulnerable to Key Exchange without Entity Authentication due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. How to fix Key Exchange without Entity Authentication? Upgrade |
[,1.5.1)
|
org.matrix.android:matrix-android-sdk2 is a Matrix SDK for Android, extracted from the Element Android application. Affected versions of this package are vulnerable to Authentication Bypass due to a protocol confusion vulnerability that accepts to-device messages encrypted with How to fix Authentication Bypass? Upgrade |
[,1.5.1)
|