Vulnerabilities > Matrix > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2023-29529 | Unspecified vulnerability in Matrix Javascript SDK matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. | 5.3 |
| 2023-03-28 | CVE-2022-36060 | Unspecified vulnerability in Matrix React SDK matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. | 5.3 |
| 2022-11-22 | CVE-2022-41952 | Missing Release of Resource after Effective Lifetime vulnerability in Matrix Synapse Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. | 5.3 |
| 2022-11-13 | CVE-2022-3971 | Improper Enforcement of Message or Data Structure vulnerability in Matrix IRC Bridge A vulnerability was found in matrix-appservice-irc up to 0.35.1. | 5.6 |
| 2022-09-28 | CVE-2022-39246 | Key Exchange without Entity Authentication vulnerability in Matrix Software Development KIT matrix-android-sdk2 is the Matrix SDK for Android. | 5.3 |
| 2022-09-28 | CVE-2022-39236 | Unspecified vulnerability in Matrix Javascript SDK Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. | 5.3 |
| 2022-06-28 | CVE-2022-31052 | Uncontrolled Recursion vulnerability in multiple products Synapse is an open source home server implementation for the Matrix chat network. | 6.5 |
| 2022-05-05 | CVE-2022-29166 | Injection vulnerability in Matrix IRC Bridge matrix-appservice-irc is a Node.js IRC bridge for Matrix. | 6.8 |
| 2021-09-13 | CVE-2021-40823 | Authentication Bypass by Spoofing vulnerability in Matrix Javascript SDK A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. | 5.9 |
| 2021-09-13 | CVE-2021-40824 | Authentication Bypass by Spoofing vulnerability in Matrix Element and Matrix-Android-Sdk2 A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. | 5.9 |