exploitDog
GHSA-mp7c-m3rh-r56v

Published: 16 Sep 2025
Source: github
GitHub: Reviewed
CVSS4: 6.9

Description

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact

matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room.

Patches

The issue has been patched and users should upgrade to 38.2.0.

Workarounds

Avoid using MatrixClient::getJoinedRooms in favour of getRooms() and filtering upgraded rooms separately.
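The workaround above leaves the filtering of upgraded rooms to the caller. The following JavaScript is an added example, not code from the advisory or from matrix-js-sdk: it works on a simplified room shape (an assumption for this example, not the SDK's Room class) that carries the content of each room's m.room.create and m.room.tombstone events, and contrasts a check that trusts only the predecessor claim in m.room.create with one that also requires the older room's tombstone to name the candidate as its replacement. Room ids in the sample data are constructed placeholders.

```javascript
// Added example, not code from matrix-js-sdk: filter upgraded rooms from a
// plain room list while checking the predecessor link in BOTH directions.
// Room shape (an assumption for this example): { roomId, create, tombstone }
// where `create` mirrors m.room.create content and `tombstone` mirrors
// m.room.tombstone content, or null if the room was never upgraded.

function roomById(rooms, roomId) {
  return rooms.find((r) => r.roomId === roomId) || null;
}

// Naive rule: trust whatever a room's m.room.create claims as predecessor.
// Any room creator can write any predecessor there, so this check alone is
// too weak: several unrelated rooms can "claim" the same older room.
function claimedSuccessors(rooms, oldRoomId) {
  return rooms
    .filter((r) => r.create.predecessor && r.create.predecessor.room_id === oldRoomId)
    .map((r) => r.roomId);
}

// Validated rule: the older room's tombstone must name the candidate as its
// replacement_room AND the candidate's create event must name the older room
// as predecessor. Sending that tombstone requires state-event rights in the
// older room, so the link is confirmed by both sides.
function isValidUpgrade(older, candidate) {
  if (!older || !candidate || !older.tombstone) return false;
  const pred = candidate.create && candidate.create.predecessor;
  return (
    older.tombstone.replacement_room === candidate.roomId &&
    Boolean(pred) &&
    pred.room_id === older.roomId
  );
}

// Returns the validated successor of oldRoomId among `rooms`, or null.
function validatedSuccessor(rooms, oldRoomId) {
  const older = roomById(rooms, oldRoomId);
  if (!older || !older.tombstone) return null;
  const candidate = roomById(rooms, older.tombstone.replacement_room);
  return isValidUpgrade(older, candidate) ? candidate.roomId : null;
}

// Follows validated upgrades to the newest room in the chain. The visited
// set stops the walk if two rooms' tombstones point at each other.
function currentRoom(rooms, roomId) {
  const visited = new Set();
  let cur = roomId;
  while (!visited.has(cur)) {
    visited.add(cur);
    const next = validatedSuccessor(rooms, cur);
    if (!next) return cur;
    cur = next;
  }
  return cur;
}

// The workaround from the advisory: take a getRooms()-style list and drop
// every room that has a validated successor; everything else stays visible.
function filterUpgradedRooms(rooms) {
  return rooms
    .filter((r) => validatedSuccessor(rooms, r.roomId) === null)
    .map((r) => r.roomId);
}

// Constructed sample data; room ids and event ids are placeholders.
const SAMPLE_ROOMS = [
  { roomId: "!old:example.org",
    create: {},
    tombstone: { body: "This room has been replaced", replacement_room: "!new:example.org" } },
  { roomId: "!new:example.org",
    create: { predecessor: { room_id: "!old:example.org", event_id: "$tombstone" } },
    tombstone: null },
  // Claims to succeed !old, but !old's tombstone never pointed here.
  { roomId: "!imposter:example.org",
    create: { predecessor: { room_id: "!old:example.org", event_id: "$bogus" } },
    tombstone: null },
  // Claims a predecessor that is not in the joined list at all.
  { roomId: "!orphan:example.org",
    create: { predecessor: { room_id: "!unknown:example.org", event_id: "$x" } },
    tombstone: null },
  { roomId: "!chat:example.org", create: {}, tombstone: null },
];

// Demonstration when run directly with node.
console.log("claimed via create alone:", claimedSuccessors(SAMPLE_ROOMS, "!old:example.org"));
console.log("validated successor:", validatedSuccessor(SAMPLE_ROOMS, "!old:example.org"));
console.log("rooms after filtering:", filterUpgradedRooms(SAMPLE_ROOMS));
```

With the sample data, the create-only rule reports two candidates for the old room while the validated rule reports only the one the old room's tombstone actually names; the room that merely claims the old room as predecessor is kept in the list as an ordinary, unrelated room rather than being presented as the upgrade.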

Packages

Name: matrix-js-sdk (npm)
Affected versions: < 38.2.0
Fixed version: 38.2.0

EPSS

Percentile: 27%
Score: 0.00094
Low

CVSS4: 6.9 Medium

Weaknesses (CWE)

CWE-20
CWE-345
CWE-862

Related vulnerabilities

ubuntu
5 months ago

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.

nvd
5 months ago

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.

debian
5 months ago

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and ...
