matrix-react-sdk@3.76.0-rc.1 vulnerabilities
SDK for matrix.org using React
-
latest version
3.114.0
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
17 days ago
-
licenses detected
- >=0.0.1 <3.110.0-rc.1
Direct Vulnerabilities
Known vulnerabilities in the matrix-react-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
matrix-react-sdk is a SDK for matrix.org using React Affected versions of this package are vulnerable to Information Exposure via the How to fix Information Exposure? Upgrade |
>=3.18.0 <3.102.0
|
matrix-react-sdk is a SDK for matrix.org using React Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via a malicious homeserver, allowing an attacker to change the user's account data and cause the client to enable URL previews in end-to-end encrypted rooms. Exploiting this vulnerability causes any URLs in encrypted messages to be sent to the server. How to fix Exposure of Private Personal Information to an Unauthorized Actor? Upgrade |
<3.105.1
|
matrix-react-sdk is a SDK for matrix.org using React Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Export Chat feature, which includes certain attacker-controlled elements in the generated document without sufficient escaping. Note:
An attacker can only inject code run from the How to fix Cross-site Scripting (XSS)? Upgrade |
>=3.32.0 <3.76.0
|