vulnerability

FreeBSD: VID-574f7bc9-a141-11ef-84e9-901b0e9408dc (CVE-2024-50336): Matrix clients -- mxc uri validation in js sdk

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:C/A:N)	Nov 12, 2024	Nov 14, 2024	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:N)

Published

Nov 12, 2024

Added

Nov 14, 2024

Modified

Dec 10, 2025

Description

matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver.

Solutions

freebsd-upgrade-package-cinnyfreebsd-upgrade-package-element-web

References

CVE-2024-50336
https://attackerkb.com/topics/CVE-2024-50336
CWE-22

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today