← voltar
CVE-2024-51750

Element allows a malicious homeserver can modify events leading to unrenderable events or rooms

CVSS 5 MEDIUMEPSS 0.5%CWE-248
Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Produtos afetados
element-hq · element-web

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc