Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype pollution in matrix-react-sdk
Vulnerability Description
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
CWE-1321
Vulnerability Title
matrix-react-sdk 安全漏洞
Vulnerability Description
Travis Ralston matrix-react-sdk是 Travis Ralston开源的一个应用软件。用于将Matrix聊天/语音客户端插入网页。 matrix-react-sdk存在安全漏洞,该漏洞源于远程服务器发送的数据可能导致部分功能被修改,进而产生拒绝服务并影响程序逻辑。
CVSS Information
N/A
Vulnerability Type
N/A