VYPR
Medium severityOSV Advisory· Published Nov 12, 2024· Updated Jun 17, 2026

CVE-2024-50336

CVE-2024-50336

Description

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
matrix-js-sdknpm
< 34.11.134.11.1

Affected products

9

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.