CVE-2023-28103

Name of the Vulnerable Software and Affected Versions matrix-react-sdk versions prior to 3.69.0

Description The issue arises when data sent by remote servers contains special strings in key locations, potentially modifying the Object.prototype and disrupting the functionality of matrix-react-sdk, leading to denial of service and affecting program logic.

Recommendations For versions prior to 3.69.0, upgrade to version 3.69.0 to resolve the issue. As a temporary workaround, consider restricting the handling of data from remote servers to prevent modifications of the Object.prototype until a patch is available.