CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50336.json"
}

References

Affected packages

Git / github.com/matrix-org/matrix-js-sdk

Affected ranges

Type: GIT
Repo: https://github.com/matrix-org/matrix-js-sdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b4c4355d1a34dd3e4b22467f556eebe368768ea5

Affected versions

Other

no-media-devices-release

v0.*

v0.1.0

v0.1.1

v0.10.2

v0.10.2-rc.1

v0.10.3

v0.10.3-rc.1

v0.10.5

v0.10.5-rc.1

v0.10.7

v0.10.7-rc.1

v0.11.0

v0.11.0-rc.1

v0.2.0

v0.2.1

v0.2.2

v0.4.1

v0.4.2

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.6.0-rc1

v0.6.0-rc2

v0.6.1

v0.6.2

v0.6.4

v0.6.4-rc.2

v0.7.1-rc.1

v0.7.10

v0.7.2

v0.7.4

v0.7.4-rc.1

v0.7.9

v0.8.0

v0.8.1

v0.8.1-rc.1

v0.8.2

v0.8.3

v0.8.3-rc.1

v1.*

v1.0.0

v1.0.0-rc.1

v1.0.0-rc.2

v2.*

v2.0.1

v2.0.1-rc.1

v2.0.1-rc.2

v2.4.1

v26.*

v26.1.0-patch.1

v26.2.0-no-media-devices-hotfix

v30.*

v30.1.0-rc.0

v30.1.0-rc.1

v30.2.0-rc.0

v31.*

v31.2.0-rc.0

v34.*

v34.10.0

v34.10.0-rc.0

v34.11.0

v34.2.0

v5.*

v5.0.1

v7.*

v7.1.0

v7.1.0-rc.1

v8.*

v8.0.0

v8.1.0

v8.1.0-rc.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50336.json"