All 8 CVE vulnerabilities found in matrix-react-sdk, with AI-generated Chinese analysis, references, and POCs.
Vendor: matrix-org
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-47824 | Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room CWE-200 | 6.5 | - | 2024-10-15 |
| CVE-2024-42347 | URL preview setting for a room is controllable by the homeserver in matrix-react-sdk CWE-359 | 7.7 | High | 2024-08-06 |
| CVE-2023-37259 | Cross site scripting in Export Chat feature CWE-79 | 6.1 | Medium | 2023-07-18 |
| CVE-2023-30609 | matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting CWE-74 | 5.4 | Medium | 2023-04-25 |
| CVE-2022-36060 | Prototype pollution in matrix-react-sdk CWE-1321 | 8.2 | High | 2023-03-28 |
| CVE-2023-28103 | Prototype pollution in matrix-react-sdk CWE-1321 | 8.2 | High | 2023-03-28 |
| CVE-2021-32622 | File upload local preview can run embedded scripts after user interaction CWE-74 | 4.2 | Medium | 2021-05-17 |
| CVE-2021-21320 | User content sandbox can be confused into opening arbitrary documents CWE-345 | 2.6 | Low | 2021-03-02 |
All 8 known CVE vulnerabilities affecting matrix-react-sdk with full Chinese analysis, references, and POCs where available.