VYPR

Matrix Appservice Irc

by Matrix Org

Source repositories

CVEs (11)

  • CVE-2024-52505MedNov 14, 2024
    risk 0.28cvss 5.4epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has…

  • CVE-2024-39691MedJul 5, 2024
    risk 0.21cvss 4.3epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event…

  • CVE-2024-32000MedApr 12, 2024
    risk 0.21cvss 4.3epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a…

  • CVE-2025-27146Feb 25, 2025
    risk 0.00cvss epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user.…

  • CVE-2023-38700Aug 4, 2023
    risk 0.00cvss epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue.…

  • CVE-2023-38691Aug 4, 2023
    risk 0.00cvss epss 0.00

    matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning…

  • CVE-2023-38690Aug 4, 2023
    risk 0.00cvss epss 0.01

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge…

  • CVE-2022-39203Sep 13, 2022
    risk 0.00cvss epss 0.01

    matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the…

  • CVE-2022-39202Sep 13, 2022
    risk 0.00cvss epss 0.01

    matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc…

  • CVE-2022-29166May 5, 2022
    risk 0.00cvss epss 0.01

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc…

  • CVE-2021-32659Jun 16, 2021
    risk 0.00cvss epss 0.01

    Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge`…