PT-2025-2935 · Unknown+1 · Matrix Media Repo+1

Turt2Live · Published 2025-01-16 · Updated 2025-08-20 · CVE-2024-52791

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Matrix Media Repo (MMR) versions prior to 1.3.8

Description

The issue arises when Matrix Media Repo (MMR) makes requests to other servers as part of its normal operation, and these servers return large amounts of JSON for parsing. During parsing, MMR can consume large amounts of memory, leading to memory exhaustion.

Recommendations

For versions prior to 1.3.8, upgrade to version 1.3.8 to resolve the issue. As a temporary workaround for users unable to upgrade, consider configuring forward proxies to block requests to unsafe hosts. Alternatively, configure MMR processes with memory limits and auto-restart to mitigate the risk. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.
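
The failure mode in the Description, seen from the defender's side as an added example (not MMR's code, and not necessarily how 1.3.8 fixes it): cap the bytes read from a remote server before handing them to the JSON parser. The function names and the 64 KiB limit are assumptions chosen for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// ErrTooLarge is returned when a remote body exceeds the configured cap.
var ErrTooLarge = errors.New("remote JSON body exceeds size limit")

// decodeBoundedJSON (hypothetical helper) reads at most limit bytes from r
// and unmarshals them into v. Reading limit+1 bytes distinguishes a body
// that is exactly at the limit from one that is over it.
func decodeBoundedJSON(r io.Reader, limit int64, v any) error {
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return err
	}
	if int64(len(buf)) > limit {
		return ErrTooLarge // stop before the parser ever sees the data
	}
	return json.Unmarshal(buf, v)
}

// fetchJSON (hypothetical helper) requests url and decodes the reply under
// the same cap. A declared Content-Length over the cap is rejected before
// any body is read; an absent or understated one is caught by the reader.
func fetchJSON(c *http.Client, url string, limit int64, v any) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.ContentLength > limit {
		return ErrTooLarge
	}
	return decodeBoundedJSON(resp.Body, limit, v)
}

func main() {
	// Constructed input: a ~1 MiB JSON document offered against a 64 KiB cap.
	big := `{"pad":"` + strings.Repeat("A", 1<<20) + `"}`
	var out map[string]any
	fmt.Println(decodeBoundedJSON(strings.NewReader(big), 64<<10, &out))
}
```

The cap bounds what one response can cost; the process-level memory limits in the Recommendations remain useful as a backstop for many concurrent requests.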

Related Identifiers

CVE-2024-52791
GHSA-GP86-Q8HG-FPXJ
GO-2025-3398
OPENSUSE-SU-2025:14704-1
OPENSUSE-SU-2025_0297-1
SUSE-SU-2025:0297-1

Affected Products

Matrix Media Repo
Suse