Improper beacon events in matrix-js-sdk can result in availability issues
- Severity: Medium
Description
Improperly formed beacon events (from MSC3488) can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer’s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.
Recommendation
Update the matrix-js-sdk package to the latest compatible version. Version details:
- Affected version(s): >= 17.1.0-rc.1, < 19.7.0
- Patched version(s): 19.7.0
References
Related Issues
- Volto affected by possible DoS by invoking specific URL by anonymous user - CVE-2025-58047
- Elliptic's ECDSA missing check for whether leading bit of r and s is zero - CVE-2024-42460
- matrix-js-sdk has insufficient validation when considering a room to be upgraded by another - CVE-2025-59160
- Potential DoS when using ContextLines integration (GHSA-r5w7-f542-q2j4)
- Tags:
- npm
- matrix-js-sdk
Last updated on January 30, 2023