Jump to:

CVE-2024-50336

Jump to:

CVE-2024-50336

Package thunderbird updated to version 128.5.2-alt1 for branch sisyphus in task 365529.

Published: 2024-11-12
Modified: 2024-11-13

CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.

References:

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5

Version: 2.1.0

Package thunderbird update in sisyphus on 2024-12-21

ALT-PU-2024-17387-3

Closed vulnerabilities

CVE-2024-50336