Homepage

heisenbridge@1.14.3 vulnerabilities

a bouncer-style Matrix IRC bridge

  • latest version

    1.15.3

  • latest non vulnerable version

    1.15.3

  • first published

    3 years ago

  • latest version published

    4 months ago

  • licenses detected

  • View heisenbridge package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the heisenbridge package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Improper Neutralization of Line Delimiters

    heisenbridge is an a bouncer-style Matrix IRC bridge

    Affected versions of this package are vulnerable to Improper Neutralization of Line Delimiters due to insufficient sanitization, specifically, failure to strip carriage return characters, attackers can exploit it by injecting malicious commands via specially crafted messages. Affected versions are vulnerable to command injection in relay mode.

    How to fix Improper Neutralization of Line Delimiters?

    Upgrade heisenbridge to version 1.15.2 or higher.

    [,1.15.2)
    Go back to all versions of this package