PT-2022-24830 · Unknown+10 · Matrix Javascript Sdk+10

Turt2Live

·

Published

2022-09-28

·

Updated

2025-09-29

·

CVE-2022-39236

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Matrix Javascript SDK versions 17.1.0-rc.1 through 19.6.x
Description The issue arises from improperly formed beacon events, which can disrupt the matrix-js-sdk's functionality, potentially impacting the consumer's ability to process data safely. The matrix-js-sdk may appear to operate normally but could be excluding or corrupting runtime data presented to the consumer.
Recommendations For versions 17.1.0-rc.1 through 19.6.x, update to version 19.7.0 to resolve the issue. As a temporary workaround, consider redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2022:7178
ALSA-2022:7190
ALSA-2025_16880
ALT-PU-2022-2747
ALT-PU-2022-3046
ALT-PU-2023-1137
ALT-PU-2023-4335
CESA-2022_7190
CVE-2022-39236
GHSA-HVV8-5V86-R45X
MGASA-2022-0355
OPENSUSE-SU-2022_3800-1
OPENSUSE-SU-2024:12374-1
OPENSUSE-SU-2024:12375-1
OPENSUSE-SU-2024:12379-1
RHSA-2022:7178
RHSA-2022:7181
RHSA-2022:7182
RHSA-2022:7183
RHSA-2022:7184
RHSA-2022:7190
RHSA-2022_7178
RHSA-2022_7184
RHSA-2022_7190
RLSA-2022:7190
SUSE-SU-2022:3800-1
USN-5724-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Matrix Javascript Sdk
Red Hat
Rocky Linux
Suse
Ubuntu