matrix-appservice-irc@0.35.1 vulnerabilities

An IRC Bridge for Matrix

latest version

0.36.0
first published

9 years ago
latest version published

2 years ago
licenses detected
- Apache-2.0
  >=0
View matrix-appservice-irc package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the matrix-appservice-irc package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Information Exposure matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Information Exposure due to improper verification of user permissions before constructing a reply to an event. An attacker can leak the truncated body of a message by sending a Matrix reply to an event ID they do not have access to. Note: This works if the attacker knows the event ID and is joined to both the Matrix room and the IRC channel it is bridged to. How to fix Information Exposure? A fix was pushed into the `master` branch but not yet published.	*
L Information Exposure matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Information Exposure via events that can be crafted to leak parts of targeted messages from other bridged rooms. Note: This is exploitable only when knowing an event ID to target. How to fix Information Exposure? A fix was pushed into the `master` branch but not yet published.	*
M Command Injection matrix-appservice-irc is an An IRC Bridge for Matrix Affected versions of this package are vulnerable to Command Injection when crafting a command with newlines which would then be run by the `IRC` bridge bot. This is because it is not properly parsed. How to fix Command Injection? A fix was pushed into the `master` branch but not yet published.	*