pkg:npm/matrix-js-sdk

共 12 筆 CVEHIGH5MEDIUM4

✅ 檢查你的版本

所有已知漏洞

  • HIGH8.6CVE-2022-39250matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
    from 0, < 19.7.0
  • HIGH8.6CVE-2022-39251matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
    from 0, < 19.7.0
  • HIGH8.2CVE-2023-28427Prototype pollution in matrix-js-sdk (part 2)
    from 0, < 24.0.0
  • HIGH7.5CVE-2022-39249matrix-js-sdk subject to impersonated messages due to permissive key forwarding
    from 0, < 19.7.0
  • HIGH7.2CVE-2022-36059matrix-js-sdk Prototype Pollution vulnerability
    from 0, < 19.4.0
  • MEDIUM5.9CVE-2021-40823matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
    from 0, < 12.4.1
  • MEDIUM5.0CVE-2023-29529matrix-js-sdk vulnerable to invisible eavesdropping in group calls
    from 0, < 24.1.0
  • MEDIUM4.3CVE-2022-39236Improper beacon events in matrix-js-sdk can result in availability issues
    >= 17.1.0-rc.1, < 19.7.0
  • MEDIUM4.1CVE-2024-42369matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
    from 0, < 34.3.1
  • CVE-2025-59160matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
    from 0, < 38.2.0
  • CVE-2024-50336matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
    from 0, < 34.11.1
  • CVE-2024-47080Matrix JavaScript SDK's key history sharing could share keys to malicious devices
    >= 9.11.0, < 34.8.0