Homepage

matrix-js-sdk@37.12.0 vulnerabilities

Matrix Client-Server SDK for Javascript

  • latest version

    38.2.0

  • latest non vulnerable version

    38.3.0-rc.0

  • first published

    10 years ago

  • latest version published

    3 days ago

  • licenses detected

  • View matrix-js-sdk package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Missing Authorization

    matrix-js-sdk is a Matrix Client-Server SDK for Javascript

    Affected versions of this package are vulnerable to Missing Authorization via insufficient validation of room predecessor links in the getJoinedRooms function. An attacker can cause a user to join an attacker-controlled room by supplying a malicious predecessor link.

    How to fix Missing Authorization?

    Upgrade matrix-js-sdk to version 38.2.0 or higher.

    <38.2.0
    Go back to all versions of this package