Description
Events sent with special strings in key places can temporarily disrupt the matrix-js-sdk or prevent it from functioning properly, potentially impacting the consumer’s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally while excluding or corrupting runtime data presented to the consumer.
Recommendation
Update the matrix-js-sdk package to the latest compatible version. Version details:
- Affected version(s): < 19.4.0
- Patched version(s): 19.4.0
References
Related Issues
- Prototype pollution in matrix-js-sdk (part 2) - CVE-2023-28427
- matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification - CVE-2022-39250
- matrix-js-sdk subject to impersonated messages due to permissive key forwarding - CVE-2022-39249
- Improper beacon events in matrix-js-sdk can result in availability issues - CVE-2022-39236
Tags:
- npm
- matrix-js-sdk
Last updated on March 28, 2023