PT-2024-29903

Author: Morguldir · Published: 2024-08-20 · Updated: 2024-12-16

CVE-2024-42369
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 34.3.1

Description: A malicious homeserver can craft a room, or a set of rooms, whose predecessor links form a cycle. The getRoomUpgradeHistory function recurses infinitely in this case, causing the code to hang. This method is public but is also called by the leaveRoomChain() method, so leaving a room will also trigger the bug.

Recommendations: For versions prior to 34.3.1, update to version 34.3.1 to resolve the issue. As a temporary workaround, consider sanity checking rooms before passing them to the matrix-js-sdk, or avoid calling either getRoomUpgradeHistory or leaveRoomChain.
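The following is an added illustration, not matrix-js-sdk's own code: it models a predecessor chain with a constructed room map and shows both a cycle-safe history walk and the pre-SDK sanity check the workaround describes. The `predecessor` field holding a plain room id is an assumed stand-in for the real m.room.create predecessor content.

```javascript
// Constructed sample data: room id -> { predecessor: room id or null }.
// Rooms a, b and c form the malicious cycle described in the advisory;
// rooms y and z form a normal, terminating upgrade chain.
const rooms = new Map([
  ["!c:example.org", { predecessor: "!b:example.org" }],
  ["!b:example.org", { predecessor: "!a:example.org" }],
  ["!a:example.org", { predecessor: "!c:example.org" }], // loops back to !c
  ["!z:example.org", { predecessor: "!y:example.org" }],
  ["!y:example.org", { predecessor: null }],
]);

// Cycle-safe walk of the predecessor chain (assumed simplified model).
// A visited set guarantees termination: the first repeated room id ends
// the walk and is reported as a cycle instead of recursing forever.
function getUpgradeHistorySafe(roomMap, startId) {
  const history = [];
  const visited = new Set();
  let current = startId;
  while (current) {
    if (visited.has(current)) {
      return { history, cycle: true };
    }
    visited.add(current);
    history.push(current);
    const room = roomMap.get(current);
    // A predecessor that is not known locally simply ends the chain.
    current = room ? room.predecessor : null;
  }
  return { history, cycle: false };
}

// Sanity check usable before handing a room to the SDK: true when the
// predecessor chain starting at roomId loops back on itself.
function hasPredecessorCycle(roomMap, roomId) {
  return getUpgradeHistorySafe(roomMap, roomId).cycle;
}
```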

Weakness Enumeration: Uncontrolled Recursion

Related Identifiers:

CVE-2024-42369
GHSA-VHR5-G3PM-49FM
OPENSUSE-SU-2024:14288-1
OPENSUSE-SU-2024:14289-1

Affected Products:

Debian
Matrix-Js-Sdk