NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-50336

Summary	matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.
Publication Date	Nov. 13, 2024, 2:15 a.m.
Registration Date	Nov. 13, 2024, 5:01 a.m.
Last Update	Nov. 14, 2024, 2:01 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
2	https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5

Common Vulnerabilities List