matrix-js-sdk 34.2.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Missing Authorization matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Missing Authorization via insufficient validation of room predecessor links in the `getJoinedRooms` function. An attacker can cause a user to join an attacker-controlled room by supplying a malicious predecessor link. How to fix Missing Authorization? Upgrade `matrix-js-sdk` to version 38.2.0 or higher.	<38.2.0
M Directory Traversal matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Directory Traversal via crafted MXC URIs. An attacker can issue arbitrary authenticated GET requests to the client's homeserver by exploiting insufficient validation of the `server-name` and `media-id` components in MXC URIs. How to fix Directory Traversal? Upgrade `matrix-js-sdk` to version 34.11.1 or higher.	<34.11.1
H Improper Authentication matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Improper Authentication through the `sendSharedHistoryKeys` method. An attacker can intercept and obtain sensitive historical keys by injecting malicious devices into the communication without proper verification of the user's cryptographic identity. This is only exploitable if the client is running the legacy crypto stack. Note: This vulnerability does not affect users using the new Rust cryptography stack (i.e., those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`). How to fix Improper Authentication? Upgrade `matrix-js-sdk` to version 34.8.0 or higher.	>=9.11.0 <34.8.0
M Uncontrolled Recursion matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Uncontrolled Recursion via the `getRoomUpgradeHistory` function. An attacker can cause the application to hang by crafting a room or room structure with cyclical predecessors. How to fix Uncontrolled Recursion? Upgrade `matrix-js-sdk` to version 34.3.1 or higher.	<34.3.1

Vulnerability

Vulnerable Version

Missing Authorization

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Missing Authorization via insufficient validation of room predecessor links in the getJoinedRooms function. An attacker can cause a user to join an attacker-controlled room by supplying a malicious predecessor link.

How to fix Missing Authorization?

Upgrade matrix-js-sdk to version 38.2.0 or higher.

<38.2.0

Directory Traversal

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Directory Traversal via crafted MXC URIs. An attacker can issue arbitrary authenticated GET requests to the client's homeserver by exploiting insufficient validation of the server-name and media-id components in MXC URIs.

How to fix Directory Traversal?

Upgrade matrix-js-sdk to version 34.11.1 or higher.

<34.11.1

Improper Authentication

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Improper Authentication through the sendSharedHistoryKeys method. An attacker can intercept and obtain sensitive historical keys by injecting malicious devices into the communication without proper verification of the user's cryptographic identity. This is only exploitable if the client is running the legacy crypto stack.

Note:

This vulnerability does not affect users using the new Rust cryptography stack (i.e., those that call MatrixClient.initRustCrypto() instead of MatrixClient.initCrypto()).

How to fix Improper Authentication?

Upgrade matrix-js-sdk to version 34.8.0 or higher.

>=9.11.0 <34.8.0

Uncontrolled Recursion

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Uncontrolled Recursion via the getRoomUpgradeHistory function. An attacker can cause the application to hang by crafting a room or room structure with cyclical predecessors.

How to fix Uncontrolled Recursion?

Upgrade matrix-js-sdk to version 34.3.1 or higher.

<34.3.1

matrix-js-sdk@34.2.0 vulnerabilities

Matrix Client-Server SDK for Javascript

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically