CVE-2023-28427 – Prototype pollution in matrix-js-sdk
https://notcve.org/view.php?id=CVE-2023-28427
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0, events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally while excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32, which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade.
References:
• https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr
• https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html
• https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0
• https://security.gentoo.org/glsa/202305-36
• https://www.debian.org/security/2023/dsa-5392
• https://access.redhat.com/security/cve/CVE-2023-28427
• https://bugzilla.redhat.com/show_bug.cgi?id=2183278
Weakness: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-41952 – Uncontrolled Resource Consumption in Matrix Synapse
https://notcve.org/view.php?id=CVE-2022-41952
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances that have URL preview enabled. Version 1.52.0 implements a timeout mechanism which terminates URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list of content types for which Synapse will attempt to generate a URL preview at all.
References:
• https://github.com/matrix-org/synapse/pull/11784
• https://github.com/matrix-org/synapse/pull/11936
• https://github.com/matrix-org/synapse/releases/tag/v1.52.0
• https://github.com/matrix-org/synapse/releases/tag/v1.53.0
• https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
Weaknesses: CWE-400: Uncontrolled Resource Consumption; CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2022-3971 – matrix-appservice-irc PgDataStore.ts sql injection
https://notcve.org/view.php?id=CVE-2022-3971
A vulnerability was found in matrix-appservice-irc up to 0.35.1 and has been rated critical. It affects code in the file src/datastore/postgres/PgDataStore.ts: manipulation of the roomIds argument leads to SQL injection. Upgrading to version 0.36.0 addresses this issue.
References:
• https://github.com/matrix-org/matrix-appservice-irc/commit/179313a37f06b298150edba3e2b0e5a73c1415e7
• https://github.com/matrix-org/matrix-appservice-irc/pull/1619
• https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.36.0
• https://vuldb.com/?id.213550
Weakness: CWE-707: Improper Neutralization
CVE-2022-39254 – When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
https://notcve.org/view.php?id=CVE-2022-39254
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once it receives a forwarded room key, however, it accepts the key without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.
References:
• https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0
• https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh
Weaknesses: CWE-287: Improper Authentication; CWE-322: Key Exchange without Entity Authentication
CVE-2022-39252 – When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
https://notcve.org/view.php?id=CVE-2022-39252
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, however, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.
References:
• https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb
• https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd
• https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0
• https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm
Weaknesses: CWE-287: Improper Authentication; CWE-322: Key Exchange without Entity Authentication