Go modules package
github.com/t2bot/matrix-media-repo
pkg:golang/github.com/t2bot/matrix-media-repo
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-36402 | — | < 1.3.5 | 1.3.5 | Jan 16, 2025 | Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. | ||
| CVE-2024-36403 | — | < 1.3.5 | 1.3.5 | Jan 16, 2025 | Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's t | ||
| CVE-2024-52602 | — | < 1.3.8 | 1.3.8 | Jan 16, 2025 | Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users | ||
| CVE-2024-52791 | — | < 1.3.8 | 1.3.8 | Jan 16, 2025 | Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large am | ||
| CVE-2024-56515 | — | < 1.3.8 | 1.3.8 | Jan 16, 2025 | Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different |
- CVE-2024-36402Jan 16, 2025affected < 1.3.5fixed 1.3.5
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository.
- CVE-2024-36403Jan 16, 2025affected < 1.3.5fixed 1.3.5
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's t
- CVE-2024-52602Jan 16, 2025affected < 1.3.8fixed 1.3.8
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users
- CVE-2024-52791Jan 16, 2025affected < 1.3.8fixed 1.3.8
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large am
- CVE-2024-56515Jan 16, 2025affected < 1.3.8fixed 1.3.8
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different