The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Information Exposure vulnerabilities in an interactive lesson.
Start learningA fix was pushed into the master
branch but not yet published.
matrix-appservice-irc is an An IRC Bridge for Matrix
Affected versions of this package are vulnerable to Information Exposure due to improper verification of user permissions before constructing a reply to an event. An attacker can leak the truncated body of a message by sending a Matrix reply to an event ID they do not have access to.
Note: This works if the attacker knows the event ID and is joined to both the Matrix room and the IRC channel it is bridged to.
This vulnerability can be mitigated by setting a reply template that doesn't contain the original message.