matrix-js-sdk@20.1.0-rc.1 vulnerabilities

Matrix Client-Server SDK for Javascript

latest version

32.2.0
latest non vulnerable version

32.3.0-rc.0
first published

9 years ago
latest version published

12 days ago
licenses detected
- Apache-2.0
  >=0
View matrix-js-sdk package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Missing Authorization matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Missing Authorization which can lead to invisible eavesdropping in group calls, on the video and audio of participants without their knowledge. The attacker will not appear to be participating in the call. Notes: Legacy 1:1 calls are unaffected. How to fix Missing Authorization? Upgrade `matrix-js-sdk` to version 24.1.0 or higher.	<24.1.0
H Prototype Pollution matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Prototype Pollution such that events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note: The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. How to fix Prototype Pollution? Upgrade `matrix-js-sdk` to version 24.0.0 or higher.	<24.0.0

Missing Authorization

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Missing Authorization which can lead to invisible eavesdropping in group calls, on the video and audio of participants without their knowledge. The attacker will not appear to be participating in the call.

Notes: Legacy 1:1 calls are unaffected.

How to fix Missing Authorization?

Upgrade matrix-js-sdk to version 24.1.0 or higher.

<24.1.0

Prototype Pollution

matrix-js-sdk is a Matrix Client-Server SDK for Javascript

Affected versions of this package are vulnerable to Prototype Pollution such that events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely.

Note: The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.

How to fix Prototype Pollution?

Upgrade matrix-js-sdk to version 24.0.0 or higher.

<24.0.0

Go back to all versions of this package

matrix-js-sdk@20.1.0-rc.1 vulnerabilities

Matrix Client-Server SDK for Javascript

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities