Lucene search

K

Veracode Vulnerability DatabaseVERACODE:40032

HistoryApr 04, 2023 - 9:55 a.m.

Prototype Pollution

2023-04-0409:55:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

27

matrix-js-sdk

prototype pollution

events

library

data safety

EPSS

0.005

Percentile

75.6%

matrix-js-sdk is vulnerable to Prototype Pollution. Events sent with special strings in key places may disrupt or impede the library from functioning properly, potentially impacting the consumer’s ability to process data safely.

References

github.com/matrix-org/matrix-js-sdk/commit/9a504af18e7e7409016a1ff2b1e4d95f398d8393

github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr

lists.debian.org/debian-lts-announce/2023/04/msg00027.html

matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0

security.gentoo.org/glsa/202305-36

www.debian.org/security/2023/dsa-5392

EPSS

0.005

Percentile

75.6%

Related for VERACODE:40032

kaspersky1 nessus29 mageia1 osv10 nvd1 mozilla1 cvelist1 openvas7 debiancve1 slackware1 alpinelinux1 prion1 ubuntucve1 redhatcve1 cve1 freebsd1 github1 oraclelinux3 rocky2 debian2 almalinux2 redhat8 centos1 gentoo1