Unknown · Matrix-Js-Sdk · CVE-2024-42369
**Name of the Vulnerable Software and Affected Versions**
matrix-js-sdk versions prior to 34.3.1
**Description**
A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The `getRoomUpgradeHistory` function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the `leaveRoomChain()` method, so leaving a room will also trigger the bug.
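To make the failure mode concrete, here is an added illustration of a predecessor walk of the kind the description refers to, alongside a hardened version that terminates on a cycle. This is not matrix-js-sdk code: the `rooms`/`cyclicRooms` maps, the room IDs, and the functions `naiveUpgradeHistory`, `safeUpgradeHistory` and `hasPredecessorCycle` are all constructed for this example. The room objects model only the `predecessor.room_id` field of `m.room.create` content, which is where the Matrix spec records a room's predecessor.

```javascript
// Added illustrative example; NOT matrix-js-sdk code. All names, room IDs
// and data below are constructed for this demonstration.

// Constructed room graph keyed by room ID. Each room records the
// predecessor room ID from its m.room.create content, or null for a room
// that was never upgraded from another one.
const rooms = new Map([
  ["!a:example.org", { predecessor: null }],
  ["!b:example.org", { predecessor: "!a:example.org" }],
  ["!c:example.org", { predecessor: "!b:example.org" }],
]);

// The same rooms as a malicious homeserver might present them: !a now
// claims !c as its predecessor, so the chain is a -> c -> b -> a -> ...
const cyclicRooms = new Map([
  ["!a:example.org", { predecessor: "!c:example.org" }],
  ["!b:example.org", { predecessor: "!a:example.org" }],
  ["!c:example.org", { predecessor: "!b:example.org" }],
]);

// Naive walk: follows predecessors until a room has none, trusting the
// server's data. On a cyclic graph it never reaches a terminating room; in
// Node the recursion exhausts the call stack and throws RangeError, which
// is the same class of bug the advisory describes (no termination check).
function naiveUpgradeHistory(roomMap, roomId) {
  const room = roomMap.get(roomId);
  if (!room) return [];
  const predecessorId = room.predecessor;
  if (!predecessorId) return [roomId];
  return [...naiveUpgradeHistory(roomMap, predecessorId), roomId];
}

// Hardened walk: remembers every room ID already seen and stops the first
// time one repeats. Returns the chain oldest-first plus a flag telling the
// caller that the history was malformed, so it can refuse to act on it.
function safeUpgradeHistory(roomMap, roomId) {
  const visited = new Set();
  const chain = [];
  let cycleDetected = false;
  let currentId = roomId;
  while (currentId) {
    if (visited.has(currentId)) {
      cycleDetected = true;
      break;
    }
    visited.add(currentId);
    chain.unshift(currentId); // oldest room ends up first
    const room = roomMap.get(currentId);
    currentId = room ? room.predecessor : null;
  }
  return { chain, cycleDetected };
}

// Pre-flight check matching the advisory's workaround: validate the
// predecessor graph before handing a room to any history-walking code.
function hasPredecessorCycle(roomMap, roomId) {
  return safeUpgradeHistory(roomMap, roomId).cycleDetected;
}

// Stand-alone usage: the safe walk finishes on both graphs.
console.log(safeUpgradeHistory(rooms, "!c:example.org"));
console.log(safeUpgradeHistory(cyclicRooms, "!c:example.org"));
console.log("cycle in constructed malicious graph:",
  hasPredecessorCycle(cyclicRooms, "!a:example.org"));
```

The hardened version is bounded by the number of distinct room IDs it sees, so a server that controls the predecessor fields can no longer make the walk run forever; surfacing `cycleDetected` rather than silently truncating lets the caller log or reject the room, which is what a sanity check in front of the SDK should do.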
**Recommendations**
For versions prior to 34.3.1, update to version 34.3.1 to resolve the issue.
As a temporary workaround, consider sanity checking rooms before passing them to the matrix-js-sdk or avoid calling either `getRoomUpgradeHistory` or `leaveRoomChain`.