Home > Vulnerability Database > CVE-2024-51749

Mend.io Vulnerability Database

CVE-2024-51749

Date: November 12, 2024

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.

Language: TYPE_SCRIPT

Severity Score

3.5

Related Resources (4)

Url: https://github.com/element-hq/element-web/security/advisories/GHSA-5486-384g-mcx2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-51749

Url: https://github.com/element-hq/element-web/commit/a00c343435d633e64de2c0548217aa611c7bbef5

Url: https://www.mend.io/vulnerability-database/CVE-2024-51749

Severity Score

3.5

Weakness Type (CWE)

User Interface (UI) Misrepresentation of Critical Information

CWE-451

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-51749

Date: November 12, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?