HIGH 7.2 npm
matrix-react-sdk Prototype pollution vulnerability
GHSA-2x9c-qwgf-94xr · CVE-2022-36060
Published · Modified
Description
Impact
Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.
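The failure mode described above, as an added JavaScript illustration (not matrix-react-sdk code; the advisory does not show the affected code, so the event shape, the `key` field and the room IDs are constructed assumptions). It groups event-supplied strings in a plain object, which fails on names inherited from `Object.prototype`, beside a `Map`-based version that treats every string as data.

```javascript
// Constructed sample events; "key" stands in for any string taken from event content.
const sampleEvents = [
  { id: "$1", key: "👍" },
  { id: "$2", key: "👍" },
  { id: "$3", key: "constructor" },
  { id: "$4", key: "__proto__" },
];

// Fragile: a plain object used as a dictionary inherits from Object.prototype,
// so "constructor", "__proto__", "toString" and similar already resolve to something.
function groupUnsafe(events) {
  const groups = {};
  for (const ev of events) {
    if (!groups[ev.key]) groups[ev.key] = [];
    groups[ev.key].push(ev.id); // TypeError when the key names an inherited member
  }
  return groups;
}

// Hardened: a Map has no inherited keys, so any string is stored as plain data.
function groupSafe(events) {
  const groups = new Map();
  for (const ev of events) {
    if (!groups.has(ev.key)) groups.set(ev.key, []);
    groups.get(ev.key).push(ev.id);
  }
  return groups;
}

// Renders each room independently, as a UI error boundary would:
// a room whose grouping throws is reported as crashed, the others still render.
function renderRooms(rooms, groupFn) {
  const out = new Map();
  for (const [roomId, events] of rooms) {
    try {
      groupFn(events);
      out.set(roomId, "rendered");
    } catch (e) {
      out.set(roomId, "crashed: " + e.name);
    }
  }
  return out;
}

// Constructed rooms: the first holds only ordinary keys, the second holds all sample events.
const rooms = new Map([
  ["!a:example.org", sampleEvents.slice(0, 2)],
  ["!b:example.org", sampleEvents],
]);
console.log(renderRooms(rooms, groupUnsafe), renderRooms(rooms, groupSafe));
```

`Object.create(null)` gives the same protection where an object literal is required by the surrounding code.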
Patches
This is fixed in matrix-react-sdk 3.53.0.
Workarounds
There are no workarounds. Please upgrade immediately.
References
https://learn.snyk.io/lessons/prototype-pollution/javascript/
For more information
If you have any questions or comments about this advisory, please email us at security at matrix.org.