0.36.1
9 years ago
27 days ago
Known vulnerabilities in the matrix-appservice-irc package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Information Exposure due to improper verification of user permissions before constructing a reply to an event. An attacker can leak the truncated body of a message by sending a Matrix reply to an event ID they do not have access to. Note: This works if the attacker knows the event ID and is joined to both the Matrix room and the IRC channel it is bridged to. How to fix Information Exposure? A fix was pushed into the | * |
matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Information Exposure via events that can be crafted to leak parts of targeted messages from other bridged rooms. Note: This is exploitable only when knowing an event ID to target. How to fix Information Exposure? A fix was pushed into the | * |
matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Command Injection when crafting a command with newlines which would then be run by the How to fix Command Injection? A fix was pushed into the | * |
matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to SQL Injection via the How to fix SQL Injection? Upgrade | <0.35.1 |
matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to improper string characters validation, which makes it possible to provide a maliciously crafted string that would confuse the bridge into combining an attacker-owned channel and an existing channel, which allows granting permissions in the channel. How to fix Incorrect Privilege Assignment? Upgrade | <0.35.0 |
matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Improper Access Control due to improper parsing of modes bug in the upstream How to fix Improper Access Control? Upgrade | <0.35.0 |