Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-59160

Опубликовано: 16 сент. 2025
Источник: ubuntu
Приоритет: medium

Описание

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.

РелизСтатусПримечание
devel

DNE

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

jammy

needs-triage

noble

needs-triage

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

Связанные уязвимости

nvd логотип

CVE-2025-59160

nvd
5 месяцев назад

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.

debian логотип

CVE-2025-59160

debian
5 месяцев назад

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and ...

github логотип

GHSA-mp7c-m3rh-r56v

github
5 месяцев назад

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another