Description
Events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer’s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.
Recommendation
Update the matrix-js-sdk package to the latest compatible version. Followings are version details:
- Affected version(s): < 19.4.0
- Patched version(s): 19.4.0
References
Related Issues
- matrix-js-sdk has insufficient validation when considering a room to be upgraded by another - CVE-2025-59160
- matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal - CVE-2024-50336
- @langchain/community SQL Injection vulnerability - CVE-2024-7042
- Incorrect default cookie name and recommendation - Vulnerability
- Tags:
- npm
- matrix-js-sdk
Anything's wrong? Let us know Last updated on March 28, 2023