matrix-react-sdk Prototype pollution vulnerability
High severity · GitHub Reviewed · Published Mar 28, 2023 in matrix-org/matrix-react-sdk · Updated Mar 28, 2023
Published to the GitHub Advisory Database: Mar 28, 2023
Reviewed: Mar 28, 2023
Published by the National Vulnerability Database: Mar 28, 2023
Last updated: Mar 28, 2023
Description
Impact
Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.
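A generic sketch of the bug class named in the title, added here as an example and not taken from matrix-react-sdk: a two-level index keyed by event-supplied strings, built once with plain objects and once with Map. The field names (room, user, ts), the function names and the sample receipts are assumptions constructed for the illustration.

```javascript
// Added illustration of the bug class; not matrix-react-sdk code.
// Field and function names are assumptions made for this sketch.

// Constructed sample input: the second entry's room key names an
// Object.prototype accessor instead of a real room ID.
const sampleReceipts = [
  { room: "!abc:example.org", user: "@alice:example.org", ts: 1 },
  { room: "__proto__", user: "@bob:example.org", ts: 2 },
];

// Weak: plain objects used as dictionaries keyed by untrusted strings.
function indexWeak(receipts) {
  const index = {};
  for (const r of receipts) {
    if (!index[r.room]) index[r.room] = {}; // "__proto__" resolves to Object.prototype
    index[r.room][r.user] = r.ts;           // so this write lands on every object
  }
  return index;
}

// Hardened: a Map has no inherited keys, so any string is just data.
function indexSafe(receipts) {
  const index = new Map();
  for (const r of receipts) {
    if (!index.has(r.room)) index.set(r.room, new Map());
    index.get(r.room).set(r.user, r.ts);
  }
  return index;
}

// Runs both variants and reports whether Object.prototype gained a property,
// which unrelated lookups and for...in loops elsewhere would then observe.
function compare(receipts) {
  const leaked = (key) => Object.prototype.hasOwnProperty.call(Object.prototype, key);
  const key = receipts[1].user;
  indexWeak(receipts);
  const weakLeaked = leaked(key);
  delete Object.prototype[key];             // undo the pollution before continuing
  const safe = indexSafe(receipts);
  return { weakLeaked, safeLeaked: leaked(key), safeRooms: [...safe.keys()] };
}

console.log(compare(sampleReceipts));
```

Objects created with Object.create(null) give the same protection where a Map is not practical.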
Patches
This is fixed in matrix-react-sdk 3.53.0.
Workarounds
There are no workarounds. Please upgrade immediately.
References
https://learn.snyk.io/lessons/prototype-pollution/javascript/
For more information
If you have any questions or comments about this advisory, please email us at security at matrix.org.