PT-2023-13454 · Unknown · Matrix-React-Sdk

Dkasak · Published 2023-03-28 · Updated 2023-04-05 · CVE-2022-36060

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.53.0

Description: Events sent with special strings in key places can temporarily disrupt matrix-react-sdk or prevent it from functioning properly, for example by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.

Recommendations: For versions prior to 3.53.0, upgrade to matrix-react-sdk 3.53.0 to resolve the issue. As there are no known workarounds for this issue, upgrading to the fixed version is the recommended course of action.

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2022-36060
GHSA-2X9C-QWGF-94XR

Affected Products

Matrix-React-Sdk