Vulnerability Information
Vulnerability Title
Improper handling of multiline messages in matrix-appservice-irc
Vulnerability Description
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
Improper neutralization of special elements in output (injection)
Vulnerability Title
Matrix matrix-appservice-irc injection vulnerability
Vulnerability Description
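Matrix is an ambitious new ecosystem for open, federated instant messaging and VoIP. matrix-appservice-irc is a bridge for Matrix. The bridge relays all IRC messages to Matrix and all Matrix messages to IRC. Matrix matrix-appservice-irc 0.33.1 and earlier versions contain an injection vulnerability that stems from improper handling of multiline messages in node-irc. An attacker can exploit it to manipulate Matrix users into executing IRC commands by having them reply to a maliciously crafted message.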
CVSS Information
N/A
Vulnerability Type
N/A