Search for packages
| purl | pkg:npm/matrix-js-sdk@2.4.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6x8d-d7vv-gfd1
Aliases: CVE-2022-39249 GHSA-6263-x97c-c4gg |
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server. |
Affected by 5 other vulnerabilities. |
|
VCID-92vz-qfb6-afbc
Aliases: CVE-2021-40823 GHSA-23cm-x6j7-6hq3 |
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients. |
Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-c1j3-dnkk-jyfu
Aliases: CVE-2023-28427 GHSA-mwq8-fjpf-c2gr |
Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack. |
Affected by 4 other vulnerabilities. |
|
VCID-fmek-2uu1-g7df
Aliases: CVE-2022-39250 GHSA-5w8r-8pgj-5jmf |
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device. |
Affected by 5 other vulnerabilities. |
|
VCID-jmyx-8tka-93a2
Aliases: CVE-2022-39251 GHSA-r48r-j8fx-mq2c |
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. An adversary could spoof historical messages from other users. Additionally, a malicious key backup to the user's account under certain unusual conditions in order to exfiltrate message keys. |
Affected by 5 other vulnerabilities. |
|
VCID-ph8d-xhsk-73g2
Aliases: CVE-2022-36059 GHSA-rfv9-x7hh-xc32 |
Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack. An adversary sharing a room with a user had the ability to carry out an attack against affected clients, making it not show all of a user's rooms or spaces and/or causing minor temporary corruption. |
Affected by 9 other vulnerabilities. |
|
VCID-ve2n-z3v4-p7gj
Aliases: CVE-2023-29529 GHSA-6g67-q39g-r79q |
matrix-js-sdk vulnerable to invisible eavesdropping in group calls ### Impact An attacker present in a room where an [MSC3401](https://github.com/matrix-org/matrix-spec-proposals/pull/3401) group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. ### Workarounds Users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present. |
Affected by 3 other vulnerabilities. |
|
VCID-xdp5-wxc4-6bbk
Aliases: CVE-2024-50336 GHSA-xvg8-m4x3-w6xr |
The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal. matrix-js-sdk fails to perform this validation. |
Affected by 0 other vulnerabilities. |
|
VCID-xfav-6f5n-sudb
Aliases: CVE-2024-42369 GHSA-vhr5-g3pm-49fm |
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor ### Impact A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's `getRoomUpgradeHistory` function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. Even if the CVSS score would be 4.1 ([AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L&version=3.1)) we classify this as High severity issue. ### Patches This was patched in matrix-js-sdk 34.3.1. ### Workarounds Sanity check rooms before passing them to the matrix-js-sdk or avoid calling either `getRoomUpgradeHistory` or `leaveRoomChain`. ### References N/A. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||