NodeJS/matrix-react-sdk/3.102.0-rc.1
SDK for matrix.org using React
https://www.npmjs.com/package/matrix-react-sdk
Apache-2.0
1 Security Vulnerabilities
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Published date: 2024-08-06T14:12:45Z
CVE: CVE-2024-42347
Links:
Impact
A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server.
Even if the CVSS score would be 4.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N) the maintainer classifies this as High severity issue.
Patches
This was patched in matrix-react-sdk 3.105.1.
Workarounds
Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected.
References
N/A.
Affected versions:
["0.0.1", "0.0.2", "0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "0.5.0", "0.5.1", "0.5.2", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.4-r1", "0.6.5", "0.6.5-r1", "0.6.5-r2", "0.6.5-r3", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.7.5-rc.1", "0.7.5", "0.8.0", "0.8.1-rc.1", "0.8.1-rc.2", "0.8.1", "0.8.2", "0.8.3", "0.8.3-electron", "0.8.4", "0.8.5-rc.1", "0.8.5", "0.8.6-rc.1", "0.8.6-rc.2", "0.8.6-rc.3", "0.8.6", "0.8.7-rc.1", "0.8.7-rc.2", "0.8.7-rc.3", "0.8.7-rc.4", "0.8.7", "0.8.8-rc.1", "0.8.8-rc.2", "0.8.8", "0.8.9-rc.1", "0.8.9", "0.9.0-rc.1", "0.9.0-rc.2", "0.9.0", "0.9.1", "0.9.2", "0.9.3-rc.1", "0.9.3-rc.2", "0.9.3", "0.9.4", "0.9.5-rc.1", "0.9.5-rc.2", "0.9.5", "0.9.6", "0.9.7", "0.10.0-rc.1", "0.10.0-rc.2", "0.10.1-rc.1", "0.10.1", "0.10.2", "0.10.3-rc.1", "0.10.3-rc.2", "0.10.3", "0.10.4-rc.1", "0.10.4", "0.10.5", "0.10.6", "0.10.7-rc.1", "0.10.7-rc.2", "0.10.7-rc.3", "0.10.7", "0.11.0-rc.1", "0.11.0-rc.2", "0.11.0-rc.3", "0.11.0", "0.11.1", "0.11.2", "0.11.3", "0.11.4", "0.12.0-rc.1", "0.12.0-rc.2", "0.12.0-rc.3", "0.12.0-rc.4", "0.11.4-cryptowarning.1", "0.11.4-cryptowarning.2", "0.12.0-rc.5", "0.12.0-rc.6", "0.12.0-rc.7", "0.12.0", "0.12.1", "0.12.2", "0.12.3-rc.1", "0.12.3-rc.2", "0.12.3-rc.3", "0.12.3", "0.12.4-rc.1", "0.12.4-rc.2", "0.12.4-rc.3", "0.12.4-rc.4", "0.12.4-rc.5", "0.12.4-rc.6", "0.12.4", "0.12.5", "0.12.6-rc.1", "0.12.6", "0.12.7-rc.1", "0.12.7", "0.12.8-rc.1", "0.12.8-rc.2", "0.12.8", "0.12.9-rc.1", "0.12.9-rc.2", "0.12.9", "0.13.0-rc.1", "0.13.0-rc.2", "0.13.0", "0.13.1-rc.1", "0.13.1", "0.13.2", "0.13.3-rc.1", "0.13.3-rc.2", "0.13.3", "0.13.4-rc.1", "0.13.4", "0.13.5-rc.1", "0.13.5", "0.13.6", "0.14.0-rc.1", "0.14.0", "0.14.1", "0.14.2-rc.1", "0.14.2", "0.14.3", "0.14.4", "0.14.5-rc.1", "0.14.5-rc.2", "0.14.5", "0.14.6", "0.14.7-rc.1", "0.14.7-rc.2", "0.14.7", "0.14.8-rc.1", "0.14.8", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0", "1.0.1", "1.0.2-rc.1", "1.0.2-rc.2", "1.0.2-rc.3", "1.0.2-rc.4", "1.0.2", "1.0.3", "1.0.4-rc.1", "1.0.4", "1.0.5", "1.0.6-rc.1", "1.0.6", "1.0.7", "1.1.0-rc.1", "1.1.0", "1.1.1", "1.1.2", "1.2.0-rc.1", "1.2.0", "1.2.1", "1.2.2-rc.1", "1.2.2-rc.2", "1.2.2", "1.3.0-rc.1", "1.3.0", "1.3.1", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0-rc.3", "1.4.0", "1.5.0-rc.1", "1.5.0", "1.5.1", "1.5.2-rc.1", "1.5.2", "1.5.3-rc.1", "1.5.3-rc.2", "1.5.3-rc.3", "1.5.3", "1.6.0-rc.1", "1.6.0-rc.2", "1.6.0", "1.6.1", "1.6.2-rc.1", "1.6.2", "1.7.0-rc.1", "1.7.0", "1.7.1-rc.1", "1.7.1-rc.2", "1.7.1", "1.7.2", "1.7.3-rc.1", "1.7.3-rc.2", "1.7.3", "1.7.4", "1.7.5-rc.1", "1.7.5", "1.7.6-rc.1", "1.7.6-rc.2", "1.7.6", "2.0.0-rc.2", "2.0.0", "2.1.0-rc.1", "2.1.0-rc.2", "2.1.0", "2.1.1", "2.2.0-rc.1", "2.2.0", "2.2.1", "2.2.2", "2.2.3-rc.1", "2.2.3", "2.3.0-rc.1", "2.3.0", "2.3.1", "2.4.0-rc.1", "2.5.0-rc.1", "2.5.0-rc.2", "2.5.0-rc.3", "2.5.0-rc.4", "2.5.0-rc.5", "2.5.0-rc.6", "2.5.0", "2.6.0-rc.1", "2.6.0", "2.6.1", "2.7.0-rc.1", "2.7.0-rc.2", "2.7.0", "2.7.1", "2.7.2", "2.8.0-rc.1", "2.8.0", "2.8.1", "2.9.0-rc.1", "2.9.0", "2.10.0", "2.10.1", "3.0.0", "3.1.0-rc.1", "3.1.0", "3.2.0-rc.1", "3.2.0", "3.3.0-rc.1", "3.3.0", "3.4.0-rc.1", "3.4.0", "3.4.1", "3.5.0-rc.1", "3.5.0", "3.6.0-rc.1", "3.6.0", "3.6.1", "3.7.0-rc.1", "3.7.0-rc.2", "3.7.0", "3.7.1", "3.8.0-rc.1", "3.8.0", "3.9.0-rc.1", "3.9.0", "3.10.0-rc.1", "3.10.0", "3.11.0-rc.1", "3.11.0-rc.2", "3.11.0", "3.11.1", "3.12.0-rc.1", "3.12.0", "3.12.1", "3.13.0-rc.1", "3.13.0", "3.13.1", "3.14.0-rc.1", "3.14.0", "3.15.0-rc.1", "3.15.0", "3.16.0-rc.1", "3.16.0-rc.2", "3.16.0", "3.17.0-rc.1", "3.17.0", "3.18.0-rc.1", "3.18.0", "3.19.0-rc.1", "3.19.0", "3.20.0-rc.1", "3.20.0", "3.21.0-rc.1", "3.21.0", "3.22.0-rc.1", "3.22.0", "3.23.0-rc.1", "3.23.0", "3.24.0-rc.1", "3.24.0", "3.25.0-rc.1", "3.25.0", "3.26.0-rc.1", "3.26.0", "3.27.0-rc.1", "3.27.0", "3.28.0-rc.1", "3.28.0", "3.28.1", "3.29.0-rc.1", "3.29.0-rc.2", "3.29.0-rc.3", "3.29.0", "3.30.0-rc.1", "3.30.0-rc.2", "3.29.1", "3.30.0", "3.31.0-rc.1", "3.31.0-rc.2", "3.31.0", "3.32.0-rc.1", "3.32.0-rc.2", "3.32.0", "3.32.1", "3.33.0-rc.1", "3.33.0-rc.2", "3.33.0", "3.34.0-rc.1", "3.34.0", "3.35.0-rc.1", "3.35.1", "3.36.0-rc.1", "3.36.0", "3.36.1", "3.37.0-rc.1", "3.37.0", "3.38.0-rc.1", "3.38.0", "3.39.0-rc.1", "3.39.0-rc.2", "3.39.0", "3.39.1", "3.40.0-rc.1", "3.40.0-rc.2", "3.40.0", "3.40.1", "3.41.0-rc.1", "3.41.0", "3.41.1", "3.42.0-rc.1", "3.42.0", "3.42.1-rc.1", "3.42.1", "3.42.2-rc.1", "3.42.2-rc.2", "3.42.2-rc.3", "3.42.2-rc.4", "3.42.3", "3.42.4", "3.43.0-rc.1", "3.43.0", "3.44.0-rc.1", "3.44.0-rc.2", "3.44.0", "3.45.0-rc.2", "3.45.0-rc.3", "3.45.0", "3.46.0-rc.1", "3.46.0", "3.47.0", "3.48.0-rc.1", "3.48.0", "3.49.0-rc.1", "3.49.0-rc.2", "3.49.0", "3.50.0", "3.51.0-rc.1", "3.51.0", "3.52.0-rc.1", "3.52.0-rc.2", "3.52.0", "3.53.0-rc.1", "3.53.0-rc.2", "3.53.0", "3.54.0-rc.1", "3.54.0", "3.55.0-rc.1", "3.55.0", "3.56.0", "3.57.0", "3.58.0-rc.1", "3.58.0-rc.2", "3.58.0", "3.58.1", "3.59.0-rc.1", "3.59.0-rc.2", "3.59.0", "3.59.1", "3.60.0-rc.1", "3.60.0-rc.2", "3.60.0", "3.61.0-rc.1", "3.61.0", "3.62.0-rc.1", "3.62.0-rc.2", "3.62.0", "3.63.0-rc.2", "3.63.0", "3.64.0-rc.1", "3.64.0-rc.2", "3.64.0-rc.3", "3.64.0-rc.4", "3.64.0", "3.64.1", "3.64.2", "3.65.0-rc.1", "3.65.0", "3.66.0-rc.1", "3.66.0", "3.67.0-rc.1", "3.67.0-rc.2", "3.67.0", "3.68.0-rc.1", "3.68.0-rc.2", "3.68.0-rc.3", "3.68.0", "3.69.0", "3.69.1", "3.70.0-rc.1", "3.70.0", "3.71.0-rc.1", "3.71.0", "3.71.1", "3.72.0-rc.1", "3.72.0-rc.2", "3.72.0", "3.73.0-rc.1", "3.73.0-rc.2", "3.73.0-rc.3", "3.73.0", "3.73.1", "3.74.0-rc1", "3.74.0", "3.75.0-rc.1", "3.75.0", "3.76.0-rc.1", "3.76.0-rc.2", "3.76.0", "3.77.0-rc.1", "3.77.0", "3.77.1", "3.78.0-rc.1", "3.78.0", "3.79.0-rc.2", "3.79.0", "3.80.0-rc.1", "3.80.0-rc.2", "3.80.0", "3.80.1", "3.81.0-rc.1", "3.81.0", "3.81.1", "3.82.0-rc.1", "3.82.0", "3.83.0-rc.1", "3.83.0", "3.84.0-rc.1", "3.84.0", "3.84.1", "3.85.0-rc.0", "3.85.0-rc.1", "3.85.0", "3.86.0-rc.2", "3.86.0", "3.87.0-rc.0", "3.87.0", "3.88.0", "3.89.0-rc.0", "3.89.0", "3.90.0", "3.91.0-rc.0", "3.91.0-rc.1", "3.91.0", "3.92.0-rc.0", "3.92.0-rc.1", "3.92.0", "3.93.0-rc.0", "3.93.0", "3.94.0-rc.0", "3.94.0", "3.95.0-rc.0", "3.95.0", "3.96.0-rc.0", "3.96.0", "3.96.1", "3.97.0-rc.0", "3.97.0", "3.98.0-rc.0", "3.98.0", "3.99.0-rc.0", "3.99.0-rc.1", "3.99.0", "3.100.0-rc.0", "3.100.0-rc.1", "3.100.0", "3.101.0-rc.0", "3.101.0-rc.1", "3.101.0", "3.102.0-rc.0", "3.102.0-rc.1", "3.102.0", "3.103.0-rc.1", "3.103.0", "3.104.0-rc.0", "3.104.0-rc.1", "3.104.0"]
Secure versions:
[3.105.1, 3.106.0-rc.1, 3.106.0, 3.107.0, 3.108.0-rc.0, 3.108.0, 3.109.0-rc.0, 3.109.0, 3.110.0-rc.1, 3.110.0, 3.111.0, 3.112.0-rc.0]
Recommendation:
Update to version 3.111.0.
539 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.69.1 | Apache-2.0 | 3 | 2023-03-31 - 09:01 | over 1 year |
3.69.0 | Apache-2.0 | 3 | 2023-03-28 - 13:26 | over 1 year |
3.68.0 | Apache-2.0 | 4 | 2023-03-15 - 12:52 | over 1 year |
3.68.0-rc.3 | Apache-2.0 | 4 | 2023-03-14 - 11:39 | over 1 year |
3.68.0-rc.2 | Apache-2.0 | 4 | 2023-03-10 - 15:07 | over 1 year |
3.68.0-rc.1 | Apache-2.0 | 4 | 2023-03-07 - 11:34 | over 1 year |
3.67.0 | Apache-2.0 | 4 | 2023-02-28 - 10:49 | over 1 year |
3.67.0-rc.2 | Apache-2.0 | 4 | 2023-02-22 - 11:23 | over 1 year |
3.67.0-rc.1 | Apache-2.0 | 4 | 2023-02-21 - 13:10 | over 1 year |
3.66.0 | Apache-2.0 | 4 | 2023-02-14 - 10:33 | over 1 year |
3.66.0-rc.1 | Apache-2.0 | 4 | 2023-02-07 - 12:14 | over 1 year |
3.65.0 | Apache-2.0 | 4 | 2023-01-31 - 10:59 | over 1 year |
3.65.0-rc.1 | Apache-2.0 | 4 | 2023-01-24 - 11:28 | over 1 year |
3.64.2 | Apache-2.0 | 4 | 2023-01-20 - 12:32 | over 1 year |
3.64.1 | Apache-2.0 | 4 | 2023-01-18 - 21:56 | over 1 year |
3.64.0 | Apache-2.0 | 4 | 2023-01-18 - 13:46 | over 1 year |
3.64.0-rc.4 | Apache-2.0 | 4 | 2023-01-17 - 09:18 | over 1 year |
3.64.0-rc.3 | Apache-2.0 | 4 | 2023-01-13 - 10:47 | over 1 year |
3.64.0-rc.2 | Apache-2.0 | 4 | 2023-01-12 - 13:46 | over 1 year |
3.64.0-rc.1 | Apache-2.0 | 4 | 2023-01-11 - 13:47 | over 1 year |
3.63.0 | Apache-2.0 | 4 | 2022-12-21 - 17:17 | almost 2 years |
3.63.0-rc.2 | Apache-2.0 | 4 | 2022-12-14 - 09:33 | almost 2 years |
3.62.0 | Apache-2.0 | 4 | 2022-12-06 - 12:51 | almost 2 years |
3.62.0-rc.2 | Apache-2.0 | 4 | 2022-12-02 - 16:35 | almost 2 years |
3.62.0-rc.1 | Apache-2.0 | 4 | 2022-11-29 - 15:44 | almost 2 years |
3.61.0 | Apache-2.0 | 4 | 2022-11-22 - 11:42 | almost 2 years |
3.61.0-rc.1 | Apache-2.0 | 4 | 2022-11-15 - 18:07 | almost 2 years |
3.60.0 | Apache-2.0 | 4 | 2022-11-08 - 14:44 | almost 2 years |
3.60.0-rc.2 | Apache-2.0 | 4 | 2022-11-08 - 13:13 | almost 2 years |
3.60.0-rc.1 | Apache-2.0 | 4 | 2022-11-01 - 14:47 | almost 2 years |
3.59.1 | Apache-2.0 | 4 | 2022-11-01 - 09:34 | almost 2 years |
3.59.0 | Apache-2.0 | 4 | 2022-10-25 - 16:45 | almost 2 years |
3.59.0-rc.2 | Apache-2.0 | 4 | 2022-10-24 - 16:00 | almost 2 years |
3.59.0-rc.1 | Apache-2.0 | 4 | 2022-10-18 - 13:17 | almost 2 years |
3.58.1 | Apache-2.0 | 4 | 2022-10-11 - 16:54 | almost 2 years |
3.58.0 | Apache-2.0 | 4 | 2022-10-11 - 12:59 | almost 2 years |
3.58.0-rc.2 | Apache-2.0 | 4 | 2022-10-05 - 12:44 | almost 2 years |
3.58.0-rc.1 | Apache-2.0 | 4 | 2022-10-04 - 13:23 | about 2 years |
3.57.0 | Apache-2.0 | 4 | 2022-09-28 - 14:57 | about 2 years |
3.56.0 | Apache-2.0 | 4 | 2022-09-28 - 13:18 | about 2 years |
3.55.0 | Apache-2.0 | 4 | 2022-09-27 - 17:13 | about 2 years |
3.55.0-rc.1 | Apache-2.0 | 4 | 2022-09-20 - 13:22 | about 2 years |
3.54.0 | Apache-2.0 | 4 | 2022-09-13 - 11:57 | about 2 years |
3.54.0-rc.1 | Apache-2.0 | 4 | 2022-09-06 - 12:24 | about 2 years |
3.53.0 | Apache-2.0 | 4 | 2022-08-31 - 15:31 | about 2 years |
3.53.0-rc.2 | Apache-2.0 | 5 | 2022-08-25 - 15:51 | about 2 years |
3.53.0-rc.1 | Apache-2.0 | 5 | 2022-08-23 - 10:02 | about 2 years |
3.52.0 | Apache-2.0 | 5 | 2022-08-16 - 14:40 | about 2 years |
3.52.0-rc.2 | Apache-2.0 | 5 | 2022-08-12 - 12:39 | about 2 years |
3.52.0-rc.1 | Apache-2.0 | 5 | 2022-08-09 - 16:16 | about 2 years |
3.51.0 | Apache-2.0 | 5 | 2022-08-02 - 16:07 | about 2 years |
3.51.0-rc.1 | Apache-2.0 | 5 | 2022-07-26 - 16:54 | about 2 years |
3.50.0 | Apache-2.0 | 5 | 2022-07-26 - 16:38 | about 2 years |
3.49.0 | Apache-2.0 | 5 | 2022-07-26 - 15:26 | about 2 years |
3.49.0-rc.2 | Apache-2.0 | 5 | 2022-07-15 - 13:48 | about 2 years |
3.49.0-rc.1 | Apache-2.0 | 5 | 2022-07-12 - 13:11 | about 2 years |
3.48.0 | Apache-2.0 | 5 | 2022-07-05 - 13:16 | over 2 years |
3.48.0-rc.1 | Apache-2.0 | 5 | 2022-06-28 - 15:14 | over 2 years |
3.47.0 | Apache-2.0 | 5 | 2022-06-14 - 13:14 | over 2 years |
3.46.0 | Apache-2.0 | 5 | 2022-06-07 - 11:13 | over 2 years |
3.46.0-rc.1 | Apache-2.0 | 5 | 2022-05-31 - 10:43 | over 2 years |
3.45.0 | Apache-2.0 | 5 | 2022-05-24 - 11:59 | over 2 years |
3.45.0-rc.3 | Apache-2.0 | 5 | 2022-05-20 - 10:01 | over 2 years |
3.45.0-rc.2 | Apache-2.0 | 5 | 2022-05-17 - 18:20 | over 2 years |
3.44.0 | Apache-2.0 | 5 | 2022-05-10 - 14:01 | over 2 years |
3.44.0-rc.2 | Apache-2.0 | 5 | 2022-05-06 - 16:15 | over 2 years |
3.44.0-rc.1 | Apache-2.0 | 5 | 2022-05-03 - 14:29 | over 2 years |
3.43.0 | Apache-2.0 | 5 | 2022-04-26 - 10:39 | over 2 years |
3.43.0-rc.1 | Apache-2.0 | 5 | 2022-04-19 - 13:56 | over 2 years |
3.42.4 | Apache-2.0 | 5 | 2022-04-14 - 12:58 | over 2 years |
3.42.3 | Apache-2.0 | 5 | 2022-04-12 - 09:34 | over 2 years |
3.42.2-rc.4 | Apache-2.0 | 5 | 2022-04-11 - 10:41 | over 2 years |
3.42.2-rc.3 | Apache-2.0 | 5 | 2022-04-08 - 11:17 | over 2 years |
3.42.2-rc.2 | Apache-2.0 | 5 | 2022-04-06 - 10:53 | over 2 years |
3.42.2-rc.1 | Apache-2.0 | 5 | 2022-04-05 - 17:15 | over 2 years |
3.42.1 | Apache-2.0 | 5 | 2022-03-28 - 15:19 | over 2 years |
3.42.1-rc.1 | Apache-2.0 | 5 | 2022-03-22 - 21:49 | over 2 years |
3.42.0 | Apache-2.0 | 5 | 2022-03-15 - 14:33 | over 2 years |
3.42.0-rc.1 | Apache-2.0 | 5 | 2022-03-08 - 14:56 | over 2 years |
3.41.1 | Apache-2.0 | 5 | 2022-03-01 - 11:56 | over 2 years |
3.41.0 | Apache-2.0 | 5 | 2022-02-28 - 16:56 | over 2 years |
3.41.0-rc.1 | Apache-2.0 | 5 | 2022-02-22 - 13:50 | over 2 years |
3.40.1 | Apache-2.0 | 5 | 2022-02-17 - 12:02 | over 2 years |
3.40.0 | Apache-2.0 | 5 | 2022-02-14 - 15:29 | over 2 years |
3.40.0-rc.2 | Apache-2.0 | 5 | 2022-02-09 - 10:28 | over 2 years |
3.40.0-rc.1 | Apache-2.0 | 5 | 2022-02-08 - 15:42 | over 2 years |
3.39.1 | Apache-2.0 | 5 | 2022-02-01 - 15:51 | over 2 years |
3.39.0 | Apache-2.0 | 5 | 2022-01-31 - 14:56 | over 2 years |
3.39.0-rc.2 | Apache-2.0 | 5 | 2022-01-26 - 18:08 | over 2 years |
3.39.0-rc.1 | Apache-2.0 | 5 | 2022-01-26 - 17:06 | over 2 years |
3.38.0 | Apache-2.0 | 5 | 2022-01-17 - 14:21 | over 2 years |
3.38.0-rc.1 | Apache-2.0 | 5 | 2022-01-11 - 15:05 | over 2 years |
3.37.0 | Apache-2.0 | 5 | 2021-12-20 - 14:15 | almost 3 years |
3.37.0-rc.1 | Apache-2.0 | 5 | 2021-12-14 - 14:45 | almost 3 years |
3.36.1 | Apache-2.0 | 5 | 2021-12-13 - 15:28 | almost 3 years |
3.36.0 | Apache-2.0 | 5 | 2021-12-06 - 15:22 | almost 3 years |
3.36.0-rc.1 | Apache-2.0 | 5 | 2021-11-30 - 18:23 | almost 3 years |
3.35.1 | Apache-2.0 | 5 | 2021-11-22 - 14:27 | almost 3 years |
3.35.0-rc.1 | Apache-2.0 | 5 | 2021-11-17 - 14:08 | almost 3 years |
3.34.0 | Apache-2.0 | 5 | 2021-11-08 - 17:45 | almost 3 years |