matrix-react-sdk@3.70.0 vulnerabilities
SDK for matrix.org using React
- latest version: 3.98.0
- latest non vulnerable version
- first published: 9 years ago
- latest version published: 9 days ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the matrix-react-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
matrix-react-sdk is an SDK for matrix.org using React. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Export Chat feature, which includes certain attacker-controlled elements in the generated document without sufficient escaping. Note: An attacker can only inject code run from the How to fix Cross-site Scripting (XSS)? Upgrade | >=3.32.0 <3.76.0 |
matrix-react-sdk is an SDK for matrix.org using React. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') such that plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. Note: No cross-site scripting attack is possible due to the hardcoded content security policy. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade | <3.71.0 |