CPE-B9CAD2C6-9EAE-427B-9E0A-8AD72CAF07F3 Detail

CPE Details

Matrix Javascript SDK 8.4.0 Release Candidate 1

Vendor

matrix

Product

javascript_sdk

Version

8.4.0

Created

2021-09-21
16h31 +00:00

Modified

2021-09-21
16h37 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:matrix:javascript_sdk:8.4.0:rc1::::::

Informations

Vendor

matrix

Product

javascript_sdk

Version

8.4.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-42369	2024-08-20 14h37 +00:00	matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.	5.3	Medium
CVE-2021-44538	2021-12-14 12h26 +00:00	The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.	9.8	Critical
CVE-2021-40823	2021-09-13 16h45 +00:00	A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.	5.9	Medium

Matrix Javascript SDK 8.4.0 Release Candidate 1

CPE Details

CPE Name: cpe:2.3:a:matrix:javascript_sdk:8.4.0:rc1:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:matrix:javascript_sdk:8.4.0:rc1::::::