Home > Vulnerability Database > CVE-2024-52602

Mend.io Vulnerability Database

CVE-2024-52602

Good to know:

Date: January 16, 2025

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.

Severity Score

5.0

Related Resources (8)

Url: https://github.com/t2bot/matrix-media-repo

Url: https://pkg.go.dev/vuln/GO-2025-3399

Url: https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-r6jg-jfv6-2fjv

Url: https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52602

Url: https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang

Url: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery

Url: https://www.mend.io/vulnerability-database/CVE-2024-52602

Severity Score

5.0

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version github.com/t2bot/matrix-media-repo - v1.3.8

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52602

Good to know:

Date: January 16, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?