matrix-react-sdk (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package matrix-react-sdk, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2024-47824: matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version…
CVE-2022-36060 — CVSS 8.2 (high): matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt…
CVE-2023-28103 — CVSS 8.2 (high): matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing…
CVE-2024-42347 — CVSS 7.7 (high): matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a…
CVE-2023-37259 — CVSS 6.1 (medium): matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain…
CVE-2023-30609 — CVSS 5.4 (medium): matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages…
CVE-2021-32622 — CVSS 4.2 (medium): Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a…
CVE-2021-21320 — CVSS 2.6 (low): matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content…