CVE-2022-36060

2023-03-2821:15:10

Alpine Linux Development Team

security.alpinelinux.org

matrix chat protocol

react javascript

events

disruption

impede

crashes

rendered

fixed

upgrade

vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

5.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. This issue has been fixed in matrix-react-sdk 3.53.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchelement-web< 1.11.4-r0UNKNOWN
Alpine3.16-communitynoarchriot-web< 1.11.4-r0UNKNOWN
Alpine3.17-communitynoarchriot-web< 1.11.4-r0UNKNOWN
Alpine3.18-communitynoarchelement-web< 1.11.4-r0UNKNOWN
Alpine3.19-communitynoarchelement-web< 1.11.4-r0UNKNOWN
Alpine3.20-communitynoarchelement-web< 1.11.4-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	element-web	< 1.11.4-r0	UNKNOWN
Alpine	3.16-community	noarch	riot-web	< 1.11.4-r0	UNKNOWN
Alpine	3.17-community	noarch	riot-web	< 1.11.4-r0	UNKNOWN
Alpine	3.18-community	noarch	element-web	< 1.11.4-r0	UNKNOWN
Alpine	3.19-community	noarch	element-web	< 1.11.4-r0	UNKNOWN
Alpine	3.20-community	noarch	element-web	< 1.11.4-r0	UNKNOWN