High severity8.2NVD Advisory· Published Mar 28, 2023· Updated Jun 17, 2026
CVE-2023-28103
CVE-2023-28103
Description
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
matrix-react-sdknpm | < 3.69.0 | 3.69.0 |
Affected products
2- Range: < 3.69.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-6g43-88cp-w5gvghsaADVISORY
- github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-6g43-88cp-w5gvnvdVendor AdvisoryWEB
- matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-28103ghsaADVISORY
- github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-2x9c-qwgf-94xrghsaWEB
News mentions
0No linked articles in our index yet.