Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-vhr5-g3pm-49fm: matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor

Impact

A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk’s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug.

Even if the CVSS score would be 4.1 (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L) we classify this as High severity issue.

Patches

This was patched in matrix-js-sdk 34.3.1.

Workarounds

Sanity check rooms before passing them to the matrix-js-sdk or avoid calling either getRoomUpgradeHistory or leaveRoomChain.

References

N/A.

ghsa
Open in Source
#vulnerability#web#nodejs#js#git

Skip to content

Navigation Menu

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • GitHub Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

  • Explore

    • Learning Pathways
    • White papers, Ebooks, Webinars
    • Customer Stories
    • Partners

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles

    • Enterprise platform

      AI-powered developer platform

  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-42369

matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor

Moderate severity GitHub Reviewed Published Aug 20, 2024 in matrix-org/matrix-js-sdk • Updated Aug 20, 2024

Package

npm matrix-js-sdk (npm)

Affected versions

< 34.3.1

Description

Impact

A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk’s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug.

Even if the CVSS score would be 4.1 (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L) we classify this as High severity issue.

Patches

This was patched in matrix-js-sdk 34.3.1.

Workarounds

Sanity check rooms before passing them to the matrix-js-sdk or avoid calling either getRoomUpgradeHistory or leaveRoomChain.

References

N/A.

References

  • GHSA-vhr5-g3pm-49fm
  • https://nvd.nist.gov/vuln/detail/CVE-2024-42369
  • matrix-org/matrix-js-sdk@a0efed8

Published to the GitHub Advisory Database

Aug 20, 2024

Last updated

Aug 20, 2024

ghsa: Latest News

GHSA-4gfw-wf7c-w6g2: Authd allows attacker-controlled usernames to yield controllable UIDs
ghsa