VYPR

Matrix Hookshot

by Matrix Org

Source repositories

CVEs (2)

  • CVE-2025-23197MedJan 27, 2025
    risk 0.35cvss 6.5epss 0.00

    matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can…

  • CVE-2023-43656Sep 27, 2023
    risk 0.00cvss epss 0.00

    matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is…