Improper beacon events in matrix-js-sdk can result in availability issues
- Severity: Medium
Description
Improperly formed beacon events (from MSC3488) can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer’s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.
Recommendation
Update the matrix-js-sdk package to the latest compatible version. Version details:
- Affected version(s): >= 17.1.0-rc.1, < 19.7.0
- Patched version(s): 19.7.0
References
Related Issues
- matrix-js-sdk subject to impersonated messages due to permissive key forwarding - CVE-2022-39249
- matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion - CVE-2022-39251
- matrix-js-sdk Prototype Pollution vulnerability - CVE-2022-36059
- matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver - CVE-2021-40823
- Tags: npm, matrix-js-sdk
Last updated on January 30, 2023