pkg:npm/matrix-js-sdk

All known vulnerabilities

• HIGH8.6CVE-2022-39250matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
  from 0, < 19.7.0
• HIGH8.6CVE-2022-39251matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
  from 0, < 19.7.0
• HIGH8.2CVE-2023-28427Prototype pollution in matrix-js-sdk (part 2)
  from 0, < 24.0.0
• HIGH7.5matrix-js-sdk subject to impersonated messages due to permissive key forwarding
  from 0, < 19.7.0
• HIGH7.2matrix-js-sdk Prototype Pollution vulnerability
  from 0, < 19.4.0
• MEDIUM5.9matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
  from 0, < 12.4.1
• MEDIUM5.0matrix-js-sdk vulnerable to invisible eavesdropping in group calls
  from 0, < 24.1.0
• MEDIUM4.3Improper beacon events in matrix-js-sdk can result in availability issues
  >= 17.1.0-rc.1, < 19.7.0
• MEDIUM4.1matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
  from 0, < 34.3.1
• —matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
  from 0, < 38.2.0
• —thunderbird - security update
  from 0, < 34.11.1
• —Matrix JavaScript SDK's key history sharing could share keys to malicious devices
  >= 9.11.0, < 34.8.0