matrix-react-sdk@3.100.0-rc.0 vulnerabilities

SDK for matrix.org using React

latest version

3.114.0
latest non vulnerable version

3.114.0
first published

9 years ago
latest version published

17 days ago
licenses detected
- Apache-2.0
  >=0.0.1 <3.110.0-rc.1
View matrix-react-sdk package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the matrix-react-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Information Exposure matrix-react-sdk is a SDK for matrix.org using React Affected versions of this package are vulnerable to Information Exposure via the `sendSharedHistoryKeys` method. An attacker can potentially steal message keys for a room by injecting a malicious device controlled by the homeserver. How to fix Information Exposure? Upgrade `matrix-react-sdk` to version 3.102.0 or higher.	>=3.18.0 <3.102.0
M Exposure of Private Personal Information to an Unauthorized Actor matrix-react-sdk is a SDK for matrix.org using React Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via a malicious homeserver, allowing an attacker to change the user's account data and cause the client to enable URL previews in end-to-end encrypted rooms. Exploiting this vulnerability causes any URLs in encrypted messages to be sent to the server. How to fix Exposure of Private Personal Information to an Unauthorized Actor? Upgrade `matrix-react-sdk` to version 3.105.1 or higher.	<3.105.1

Information Exposure

matrix-react-sdk is a SDK for matrix.org using React

Affected versions of this package are vulnerable to Information Exposure via the sendSharedHistoryKeys method. An attacker can potentially steal message keys for a room by injecting a malicious device controlled by the homeserver.

How to fix Information Exposure?

Upgrade matrix-react-sdk to version 3.102.0 or higher.

>=3.18.0 <3.102.0

Exposure of Private Personal Information to an Unauthorized Actor

matrix-react-sdk is a SDK for matrix.org using React

Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via a malicious homeserver, allowing an attacker to change the user's account data and cause the client to enable URL previews in end-to-end encrypted rooms. Exploiting this vulnerability causes any URLs in encrypted messages to be sent to the server.

How to fix Exposure of Private Personal Information to an Unauthorized Actor?

Upgrade matrix-react-sdk to version 3.105.1 or higher.

<3.105.1

Go back to all versions of this package

matrix-react-sdk@3.100.0-rc.0 vulnerabilities

SDK for matrix.org using React

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities