PT-2023-2100 · Unknown+5 · Matrix-Js-Sdk+5

Denis Kasak

Published

2023-03-28

Updated

2024-06-15

CVE-2023-28427

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions matrix-js-sdk versions prior to 24.0.0

Description The issue is related to events sent with special strings in key places, which can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is a distinct issue from others that may cover similar problems.

Recommendations For versions prior to 24.0.0, upgrade to version 24.0.0 or later to resolve the issue. There are no known workarounds for this vulnerability.

Exploit

Fix

DoS

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

ALSA-2023:1802

ALSA-2023:1809

BDU:2023-01835

CESA-2023_1802

CESA-2023_1806

CVE-2023-28427

DLA-3400-1

DSA-5392-1

GHSA-MWQ8-FJPF-C2GR

MGASA-2023-0132

OPENSUSE-SU-2024:12823-1

OPENSUSE-SU-2024:12852-1

RHSA-2023:1802

RHSA-2023:1803

RHSA-2023:1804

RHSA-2023:1805

RHSA-2023:1806

RHSA-2023:1809

RHSA-2023:1810

RHSA-2023:1811

RHSA-2023_1802

RHSA-2023_1806

RHSA-2023_1809

RLSA-2023:1802

RLSA-2023:1809

SUSE-SU-2023:1736-1

Affected Products

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Matrix-Js-Sdk

PT-2023-2100 · Unknown+5 · Matrix-Js-Sdk+5

CVE-2023-28427

Weakness Enumeration

Related Identifiers

Affected Products

References · 110