Matrix JavaScript SDK's key history sharing could share keys to malicious devices
- Severity: High
Description
In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method implements functionality proposed in MSC3061 and can be used by clients to share historical message keys with newly invited users, granting them access to past messages in the room.
Recommendation
Update the matrix-js-sdk package to the latest compatible version. Version details follow:
- Affected version(s): >= 9.11.0, < 34.8.0
- Patched version(s): 34.8.0
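An added example (not part of the advisory or the matrix-js-sdk project): a Node.js check that walks a package-lock.json and flags installed copies of matrix-js-sdk in the affected range above, including nested transitive copies. The lockfile contents are constructed, and treating pre-releases of 34.8.0 as affected is an assumption based on semver ordering, since the advisory does not mention them.

```javascript
// Added example: flag lockfile entries of matrix-js-sdk inside the advisory's
// affected range (>= 9.11.0, < 34.8.0). Function names here are hypothetical.
const AFFECTED_FROM = "9.11.0";
const PATCHED_IN = "34.8.0";

// Parse "X.Y.Z[-pre][+build]" into numeric core parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Compare a parsed version with a release bound using semver precedence:
// a prerelease sorts below the release with the same core (assumption, see lead-in).
function compareToRelease(parsed, bound) {
  const b = parseVersion(bound).core;
  for (let i = 0; i < 3; i++) {
    if (parsed.core[i] !== b[i]) return parsed.core[i] < b[i] ? -1 : 1;
  }
  return parsed.pre ? -1 : 0;
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null; // unparseable (git URL, tag, ...): needs manual review
  return compareToRelease(p, AFFECTED_FROM) >= 0 && compareToRelease(p, PATCHED_IN) < 0;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// report every installed copy that is affected or could not be evaluated.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/matrix-js-sdk")) continue;
    const affected = isAffected(meta.version);
    if (affected !== false) hits.push({ path, version: meta.version, affected });
  }
  return hits;
}

// Constructed sample input, not taken from any real project.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/matrix-js-sdk": { version: "34.8.0" },
  "node_modules/some-widget/node_modules/matrix-js-sdk": { version: "30.1.0" },
  "node_modules/old-bot/node_modules/matrix-js-sdk": { version: "9.10.0" },
} };
console.log(findAffected(sampleLock));
```

To check a real project, pass the parsed contents of its package-lock.json to findAffected; entries reported with affected set to null have a version string that is not plain semver and need a manual look.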
References
Related Issues
- matrix-js-sdk has insufficient validation when considering a room to be upgraded by another - CVE-2025-59160
- Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers - CVE-2025-31137
- matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal - CVE-2024-50336
- matrix-js-sdk will freeze when a user sets a room with itself as its predecessor - CVE-2024-42369
- Tags: npm, matrix-js-sdk
Last updated on October 15, 2024