Homepage
About Snyk

matrix-js-sdk@34.4.0 vulnerabilities

Matrix Client-Server SDK for Javascript

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Authentication

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Improper Authentication through the sendSharedHistoryKeys method. An attacker can intercept and obtain sensitive historical keys by injecting malicious devices into the communication without proper verification of the user's cryptographic identity. This is only exploitable if the client is running the legacy crypto stack.

Note:

This vulnerability does not affect users using the new Rust cryptography stack (i.e., those that call MatrixClient.initRustCrypto() instead of MatrixClient.initCrypto()).

How to fix Improper Authentication?

Upgrade matrix-js-sdk to version 34.8.0 or higher.

>=9.11.0 <34.8.0
Go back to all versions of this package