Vulnerability DatabaseWS-2022-0128
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2022-0128
November 03, 2024
matrix-org-irc versions prior to 1.2.1 are vulnerable to Improper handling of multiline messages which could lead to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. Incorrect handling of a CR character allowed for making part of the message be sent to the IRC server verbatim rather than as a message to the channel
Related ResourcesĀ (6)
https://github.com/matrix-org/node-irc
https://github.com/matrix-org/node-irc/security/advisories/GHSA-52rh-5rpj-c3w6
https://github.com/matrix-org/node-irc/commit/2976c856df37660a9d664e94c857c796de2e34f7
https://github.com/matrix-org/node-irc/commit/a6552e52ed11342bc44f9150899d65168d6cf9ec
https://github.com/matrix-org/node-irc/commit/e3eb9c15f8240e9c92365f5ffc3944469229771b
https://matrix.org/blog/2022/05/04/0-34-0-security-release-for-matrix-appservice-irc-high-severity
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH