matrix-js-sdk@20.1.0-rc.1 vulnerabilities
Matrix Client-Server SDK for Javascript
-
latest version
32.2.0
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
12 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the matrix-js-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Missing Authorization which can lead to invisible eavesdropping in group calls, on the video and audio of participants without their knowledge. The attacker will not appear to be participating in the call. Notes: Legacy 1:1 calls are unaffected. How to fix Missing Authorization? Upgrade |
<24.1.0
|
matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Prototype Pollution such that events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note: The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. How to fix Prototype Pollution? Upgrade |
<24.0.0
|