matrix-js-sdk is vulnerable to Prototype Pollution. Events sent with special strings in key places may disrupt or impede the library from functioning properly, potentially impacting the consumer’s ability to process data safely.
github.com/matrix-org/matrix-js-sdk/commit/9a504af18e7e7409016a1ff2b1e4d95f398d8393
github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr
lists.debian.org/debian-lts-announce/2023/04/msg00027.html
matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0
security.gentoo.org/glsa/202305-36
www.debian.org/security/2023/dsa-5392