matrix-js-sdk is vulnerable to denial of service attacks. The vulnerability exists in the senderKey
parameter inmegolm.js
due to improperly formed beacon events which allows an attacker to craft a malicious event and crash the system.
github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
github.com/matrix-org/matrix-spec-proposals/pull/3488
security.gentoo.org/glsa/202210-35