{"url":"http://public2.vulnerablecode.io/api/packages/380835?format=json","purl":"pkg:npm/matrix-react-sdk@3.69.0","type":"npm","namespace":"","name":"matrix-react-sdk","version":"3.69.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.71.0","latest_non_vulnerable_version":"3.105.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134540?format=json","vulnerability_id":"VCID-z47n-udef-kqgz","summary":"matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28103","reference_id":"","reference_type":"","scores":[{"value":"0.00762","scoring_system":"epss","scoring_elements":"0.73812","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28103"},{"reference_url":"https://github.com/matrix-org/matrix-react-sdk","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/matrix-org/matrix-react-sdk"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28103","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28103"},{"reference_url":"https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-6g43-88cp-w5gv","reference_id":"GHSA-6g43-88cp-w5gv","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:26:21Z/"}],"url":"https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-6g43-88cp-w5gv"},{"reference_url":"https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0","reference_id":"security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual",
"scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:26:21Z/"}],"url":"https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380835?format=json","purl":"pkg:npm/matrix-react-sdk@3.69.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/matrix-react-sdk@3.69.0"}],"aliases":["CVE-2023-28103","GHSA-6g43-88cp-w5gv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z47n-udef-kqgz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/matrix-react-sdk@3.69.0"}