Javascript Sdk
CVE-2022-39236
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1Blast Radius
ecosystem impact- 1 npm packages depend on matrix-js-sdk (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 17.1.0-rc.1.
DescriptionNVD
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.
AnalysisAI
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue. Affected products include: Matrix Javascript Sdk. Version information: version 17.1.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Javascript Sdk
View allThe olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. Rated critical sever
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. Rated high severity (CVSS 8.2), this vuln
Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Rated high severity (CV
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated high severity (CVSS 7.5), this vulnerability
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated high severity (CVSS 7.5), this vulnerability
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. Rated medium severity (CVSS 5.3), this vu
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. Rated medium severity (CVSS 5.3), this vuln
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today