VYPR

npm package

matrix-appservice-bridge

pkg:npm/matrix-appservice-bridge

Vulnerabilities (2)

  • CVE-2023-38691Aug 4, 2023
    affected >= 4.0.0, < 8.1.2fixed 8.1.2

    matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning A

  • CVE-2021-32659Jun 16, 2021
    affected < 2.6.1fixed 2.6.1

    Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance.