CVE-2024-52602

Name of the Vulnerable Software and Affected Versions Matrix Media Repo (MMR) versions prior to 1.3.8

Description Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This issue allows MMR to serve content from a private network, potentially exposing sensitive information. Users are advised to upgrade to a fixed version.

Recommendations For versions prior to 1.3.8, upgrade to version 1.3.8 or later to resolve the issue. As a temporary workaround, consider restricting which hosts MMR is allowed to contact via local firewall rules or a transparent proxy to minimize the risk of exploitation.