Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
A room with itself as a its predecessor will freeze matrix-js-sdk
Vulnerability Description
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
Vulnerability Type
未经控制的递归
Vulnerability Title
matrix-js-sdk 安全漏洞
Vulnerability Description
matrix-js-sdk是Matrix开源的一个应用组件。 matrix-js-sdk 34.2.0之前版本存在安全漏洞,该漏洞源于恶意家庭服务器可以制作房间或房间结构,使前任形成一个循环,matrix-js-sdk的getRoomUpgradeHistory函数将无限递归,导致代码挂起。
CVSS Information
N/A
Vulnerability Type
N/A