CVE-2022-39236— Matrix 输入验证错误漏洞

Matrix Javascript SDK improper beacon events can cause availability issues

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

输入验证不恰当

Matrix 输入验证错误漏洞

Matrix是一个雄心勃勃的新生态系统，用于开放联合即时消息和 VoIP。 Matrix Javascript SDK 17.1.0-rc.1及以后的版本存在输入验证错误漏洞，该漏洞源于其格式不正确的信标事件（来自MSC3488）可能会破坏或阻碍matrix-js-sdk正常运行，从而可能影响消费者安全处理数据的能力。矩阵 js-sdk可能看起来运行正常，但会排除或损坏呈现给使用者的运行时数据。

N/A

N/A