matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.
Reserved 2024-10-22 | Published 2024-11-12 | Updated 2024-11-12 | Assigner GitHub_M
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
github.com/...js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
spec.matrix.org/v1.12/client-server-api/
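The class of check that prevents the path traversal described above, as an added example (not matrix-js-sdk code and not the project's actual fix): an MXC URI is split into server name and media ID, both are matched against strict allow-lists, and only then is a download URL built. The regular expressions, function names and the use of the `/_matrix/client/v1/media/download/` endpoint are assumptions made for this illustration; the sample inputs are constructed.

```javascript
// Added example: strict MXC URI validation before any request URL is built.
// Assumed allow-lists: media IDs are [A-Za-z0-9_-]; server names are a DNS name,
// IPv4 address or bracketed IPv6 literal with an optional port.
const MEDIA_ID_RE = /^[A-Za-z0-9_-]+$/;
const SERVER_NAME_RE =
  /^(?:\[[0-9A-Fa-f:.]{2,45}\]|[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)(?::\d{1,5})?$/;
const MEDIA_PREFIX = "/_matrix/client/v1/media/download/";

// Returns { serverName, mediaId } or null when the URI is not a well-formed MXC URI.
function parseMxc(mxc) {
  if (typeof mxc !== "string" || !mxc.startsWith("mxc://")) return null;
  const rest = mxc.slice("mxc://".length);
  const slash = rest.indexOf("/");
  if (slash === -1) return null;
  const serverName = rest.slice(0, slash);
  const mediaId = rest.slice(slash + 1); // everything after the first "/"
  // Dots, slashes, "%", "?" and "#" are not in the media ID allow-list, so "../"
  // sequences, encoded separators and injected query strings are all rejected here.
  if (!SERVER_NAME_RE.test(serverName) || !MEDIA_ID_RE.test(mediaId)) return null;
  return { serverName, mediaId };
}

// Builds the media download URL on the client's homeserver, or returns null.
function mxcToDownloadUrl(homeserverBase, mxc) {
  const parsed = parseMxc(mxc);
  if (parsed === null) return null;
  const path = MEDIA_PREFIX + encodeURIComponent(parsed.serverName) +
    "/" + encodeURIComponent(parsed.mediaId);
  const url = new URL(path, homeserverBase);
  // Defence in depth: after URL normalisation the path must still be under the media prefix.
  if (!url.pathname.startsWith(MEDIA_PREFIX)) return null;
  return url.href;
}

// Constructed sample inputs: one well-formed URI, the rest malformed.
const SAMPLES = [
  "mxc://example.org/AbC_123-x",
  "mxc://example.org/../../other/path",
  "mxc://../AbC123",
  "mxc://example.org/AbC123?x=1",
  "mxc://example.org/AbC%2F..",
];

for (const s of SAMPLES) {
  console.log(s, "->", mxcToDownloadUrl("https://hs.example", s));
}
```

Rejecting the URI outright, rather than trying to normalise or strip the offending segments, keeps the client from sending any authenticated request for input it cannot fully account for.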