[FREEBSD:5B0AE405-CDC7-11ED-BB39-901B0E9408DC] Matrix clients -- Prototype pollution in matrix-js-sdk
Severity: High
Affected Packages: 2
CVEs: 2
Matrix developers report:
Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk
to patch a pair of High severity vulnerabilities (CVE-2023-28427 /
GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and CVE-2023-28103 / GHSA-6g43-88cp-w5gv
for matrix-react-sdk).
The issues involve prototype pollution via events containing special strings
in key locations, which can temporarily disrupt normal functioning of matrix-js-sdk
and matrix-react-sdk, potentially impacting the consumer's ability to process data
safely.
Package | Affected Version |
---|---|
pkg:freebsd/element-web | < 1.11.26 |
pkg:freebsd/cinny |
- ID: FREEBSD:5B0AE405-CDC7-11ED-BB39-901B0E9408DC
- Severity: high
- Severity from: CVE-2023-28103
- URL: http://vuxml.freebsd.org/freebsd/5b0ae405-cdc7-11ed-bb39-901b0e9408dc.html
- Published: 2023-03-28T00:00:00
- Modified: 2023-03-29T00:00:00
- Rights: FreeBSD VuXML Security Team
- Other Advisories:
  - ALPINE:CVE-2023-28103
  - ALPINE:CVE-2023-28427
  - ALSA-2023:1802
  - ALSA-2023:1809
  - DSA-5392-1
  - ELSA-2023-1802
  - ELSA-2023-1806
  - ELSA-2023-1809
  - GLSA-202305-36
  - MFSA-2023-12
  - NPM:GHSA-6G43-88CP-W5GV
  - NPM:GHSA-MWQ8-FJPF-C2GR
  - RHSA-2023:1802
  - RHSA-2023:1806
  - RHSA-2023:1809
  - RLSA-2023:1802
  - RLSA-2023:1809
  - SSA:2023-088-01
  - SUSE-SU-2023:1736-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/element-web | | element-web | < 1.11.26 | | | |
Affected | pkg:freebsd/cinny | | cinny | | | | |