漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Vulnerability Description
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
matrix-js-sdk 安全漏洞
Vulnerability Description
matrix-js-sdk是Matrix开源的一个应用组件。 matrix-js-sdk 34.11.1之前版本存在安全漏洞。攻击者利用该漏洞可以通过特制的 MXC URI 进行客户端路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A