matrix-appservice-irc@0.36.0 vulnerabilities

An IRC Bridge for Matrix

Direct Vulnerabilities

Known vulnerabilities in the matrix-appservice-irc package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Information Exposure

matrix-appservice-irc is an IRC Bridge for Matrix

Affected versions of this package are vulnerable to Information Exposure due to improper verification of user permissions before constructing a reply to an event. An attacker can leak the truncated body of a message by sending a Matrix reply to an event ID they do not have access to.

Note: This works if the attacker knows the event ID and is joined to both the Matrix room and the IRC channel it is bridged to.

How to fix Information Exposure?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: *
  • L
Information Exposure

matrix-appservice-irc is an IRC Bridge for Matrix

Affected versions of this package are vulnerable to Information Exposure via events that can be crafted to leak parts of targeted messages from other bridged rooms.

Note: This is exploitable only when the attacker knows an event ID to target.

How to fix Information Exposure?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: *
  • M
Command Injection

matrix-appservice-irc is an IRC Bridge for Matrix

Affected versions of this package are vulnerable to Command Injection: a command crafted with newlines is not properly parsed and would then be run by the IRC bridge bot.

How to fix Command Injection?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: *