matrix-js-sdk@23.1.0-rc.2 vulnerabilities
Matrix Client-Server SDK for Javascript
-
latest version
34.12.0
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
6 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Directory Traversal via crafted MXC URIs. An attacker can issue arbitrary authenticated GET requests to the client's homeserver by exploiting insufficient validation of the How to fix Directory Traversal? Upgrade |
<34.11.1
|
matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Improper Authentication through the Note: This vulnerability does not affect users using the new Rust cryptography stack (i.e., those that call How to fix Improper Authentication? Upgrade |
>=9.11.0 <34.8.0
|
matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Uncontrolled Recursion via the How to fix Uncontrolled Recursion? Upgrade |
<34.3.1
|
matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Missing Authorization which can lead to invisible eavesdropping in group calls, on the video and audio of participants without their knowledge. The attacker will not appear to be participating in the call. Notes: Legacy 1:1 calls are unaffected. How to fix Missing Authorization? Upgrade |
<24.1.0
|
matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Prototype Pollution such that events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note: The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. How to fix Prototype Pollution? Upgrade |
<24.0.0
|