Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/matrix-react-sdk@3.105.1
purl pkg:npm/matrix-react-sdk@3.105.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-k3ft-j7d1-nkh7 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver ### Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 ([AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N&version=3.1)) the maintainer classifies this as High severity issue. ### Patches This was patched in matrix-react-sdk 3.105.1. ### Workarounds Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. ### References N/A. CVE-2024-42347
GHSA-f83w-wqhc-cfp4

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:39:50.812174+00:00 GitLab Importer Fixing VCID-k3ft-j7d1-nkh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/matrix-react-sdk/CVE-2024-42347.yml 38.0.0
2026-04-01T16:06:08.699281+00:00 GHSA Importer Fixing VCID-k3ft-j7d1-nkh7 https://github.com/advisories/GHSA-f83w-wqhc-cfp4 38.0.0
2026-04-01T12:50:40.646388+00:00 GithubOSV Importer Fixing VCID-k3ft-j7d1-nkh7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-f83w-wqhc-cfp4/GHSA-f83w-wqhc-cfp4.json 38.0.0