PT-2023-2100 · Unknown+5 · Matrix-Js-Sdk+5

Denis Kasak

Publicado

2023-03-28

Atualizado

2024-06-15

CVE-2023-28427

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions matrix-js-sdk versions prior to 24.0.0

Description The issue is related to events sent with special strings in key places, which can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is a distinct issue from others that may cover similar problems.

Recommendations For versions prior to 24.0.0, upgrade to version 24.0.0 or later to resolve the issue. There are no known workarounds for this vulnerability.

Exploit

Correção

DoS

Prototype Pollution

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1321

Identificadores relacionados

ALSA-2023:1802

ALSA-2023:1809

BDU:2023-01835

CESA-2023_1802

CESA-2023_1806

CVE-2023-28427

DLA-3400-1

DSA-5392-1

GHSA-MWQ8-FJPF-C2GR

MGASA-2023-0132

OPENSUSE-SU-2024:12823-1

OPENSUSE-SU-2024:12852-1

RHSA-2023:1802

RHSA-2023:1803

RHSA-2023:1804

RHSA-2023:1805

RHSA-2023:1806

RHSA-2023:1809

RHSA-2023:1810

RHSA-2023:1811

RHSA-2023_1802

RHSA-2023_1806

RHSA-2023_1809

RLSA-2023:1802

RLSA-2023:1809

SUSE-SU-2023:1736-1

Produtos afetados

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Matrix-Js-Sdk

PT-2023-2100 · Unknown+5 · Matrix-Js-Sdk+5

CVE-2023-28427

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 110