npm package
matrix-appservice-bridge
pkg:npm/matrix-appservice-bridge
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38691 | — | >= 4.0.0, < 8.1.2 | 8.1.2 | Aug 4, 2023 | matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning A | ||
| CVE-2021-32659 | — | < 2.6.1 | 2.6.1 | Jun 16, 2021 | Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance. |
- CVE-2023-38691Aug 4, 2023affected >= 4.0.0, < 8.1.2fixed 8.1.2
matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning A
- CVE-2021-32659Jun 16, 2021affected < 2.6.1fixed 2.6.1
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance.