matrix-js-sdk@34.2.0 vulnerabilities

Matrix Client-Server SDK for Javascript

Direct Vulnerabilities

Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Uncontrolled Recursion

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Uncontrolled Recursion via the getRoomUpgradeHistory function. An attacker can cause the application to hang by crafting a room or room structure with cyclical predecessors.

How to fix Uncontrolled Recursion?

Upgrade matrix-js-sdk to version 34.3.1 or higher.

<34.3.1