Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2022-39236

Published: 28/09/2022 Updated: 08/12/2022
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Matrix

Vulnerability Summary

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

matrix javascript sdk

matrix javascript sdk 17.1.0

Vendor Advisories

Debian CVElist Bug Report Logs: node-matrix-js-sdk: CVE-2022-39236 CVE-2022-39249 CVE-2022-39251
Debian Bug report logs - #1021136 node-matrix-js-sdk: CVE-2022-39236 CVE-2022-39249 CVE-2022-39251 Package: node-matrix-js-sdk; Maintainer for node-matrix-js-sdk is Matrix Packaging Team <pkg-matrix-maintainers@listsaliothdebianorg>; Source for node-matrix-js-sdk is src:node-matrix-js-sdk (PTS, buildd, popcon) Reported by ...
Ubuntu Security Notice: USN-5724-1: Thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as h ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as h ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as h ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 102.3.1
Mozilla Foundation Security Advisory 2022-43 Security Vulnerabilities fixed in Thunderbird 10231 Announced September 28, 2022 Impact high Products Thunderbird Fixed in Thunderbird 10231 ...
Red Hat:
Description<!---->A flaw was found in Mozilla According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to a data corruption issue An attacker could potentially cause data integrity issues by sending specially crafted messagesA flaw was found in Mozilla According to the Mozilla Foun ...

References

NVD-CWE-noinfohttps://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0https://github.com/matrix-org/matrix-spec-proposals/pull/3488https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45xhttps://security.gentoo.org/glsa/202210-35https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136https://ubuntu.com/security/notices/USN-5724-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook