Matrix Javascript SDK 0.10.0 Release Candidate 2

CPE Details

Matrix Javascript SDK 0.10.0 Release Candidate 2
matrix
javascript_sdk
0.10.0
2021-09-21
16h31 +00:00
2021-09-21
16h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:matrix:javascript_sdk:0.10.0:rc2:*:*:*:*:*:*

Informations

Vendor

matrix

Product

javascript_sdk

Version

0.10.0

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-42369 2024-08-20 14h37 +00:00 matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.
5.3
Medium
CVE-2021-40823 2021-09-13 16h45 +00:00 A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.
5.9
Medium