matrix-js-sdk@10.0.0-rc.1 vulnerabilities

Matrix Client-Server SDK for Javascript

Direct Vulnerabilities

Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Directory Traversal

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Directory Traversal via crafted MXC URIs. An attacker can issue arbitrary authenticated GET requests to the client's homeserver by exploiting insufficient validation of the server-name and media-id components in MXC URIs.

How to fix Directory Traversal?

Upgrade matrix-js-sdk to version 34.11.1 or higher.

<34.11.1
  • H
Improper Authentication

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Improper Authentication through the sendSharedHistoryKeys method. An attacker can intercept and obtain sensitive historical keys by injecting malicious devices into the communication without proper verification of the user's cryptographic identity. This is only exploitable if the client is running the legacy crypto stack.

Note:

This vulnerability does not affect users using the new Rust cryptography stack (i.e., those that call MatrixClient.initRustCrypto() instead of MatrixClient.initCrypto()).

How to fix Improper Authentication?

Upgrade matrix-js-sdk to version 34.8.0 or higher.

>=9.11.0 <34.8.0
  • M
Uncontrolled Recursion

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Uncontrolled Recursion via the getRoomUpgradeHistory function. An attacker can cause the application to hang by crafting a room or room structure with cyclical predecessors.

How to fix Uncontrolled Recursion?

Upgrade matrix-js-sdk to version 34.3.1 or higher.

<34.3.1
  • M
Missing Authorization

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Missing Authorization which can lead to invisible eavesdropping in group calls, on the video and audio of participants without their knowledge. The attacker will not appear to be participating in the call.

Notes: Legacy 1:1 calls are unaffected.

How to fix Missing Authorization?

Upgrade matrix-js-sdk to version 24.1.0 or higher.

<24.1.0
  • H
Prototype Pollution

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Prototype Pollution such that events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely.

Note: The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.

How to fix Prototype Pollution?

Upgrade matrix-js-sdk to version 24.0.0 or higher.

<24.0.0
  • H
Key Exchange without Entity Authentication

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Key Exchange without Entity Authentication. An attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one.

How to fix Key Exchange without Entity Authentication?

Upgrade matrix-js-sdk to version 19.7.0 or higher.

<19.7.0
  • H
Authentication Bypass

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Authentication Bypass. An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver.

How to fix Authentication Bypass?

Upgrade matrix-js-sdk to version 19.7.0 or higher.

<19.7.0
  • M
Key Exchange without Entity Authentication

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Key Exchange without Entity Authentication. An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end.

How to fix Key Exchange without Entity Authentication?

Upgrade matrix-js-sdk to version 19.7.0 or higher.

<19.7.0
  • H
Man-in-the-Middle (MitM)

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). A logic error in the room key sharing functionality allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.

How to fix Man-in-the-Middle (MitM)?

Upgrade matrix-js-sdk to version 12.4.1 or higher.

<12.4.1
  • M
Information Exposure

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Information Exposure. It may be possible to trick vulnerable clients into disclosing encryption keys for messages previously sent by that client to user accounts later compromised by an attacker.

How to fix Information Exposure?

Upgrade matrix-js-sdk to version 12.4.1 or higher.

<12.4.1