Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by turt2live
CVE-2023-41318 (GCVE-0-2023-41318)
Vulnerability from cvelistv5 – Published: 2023-09-08 19:51 – Updated: 2024-09-26 14:03
VLAI?
Title
Unsafe media served inline on download endpoints in matrix-media-repo
Summary
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround.
Severity ?
4.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| turt2live | matrix-media-repo |
Affected:
< 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:05.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-5crw-6j7v-xc72",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-5crw-6j7v-xc72"
},
{
"name": "https://github.com/turt2live/matrix-media-repo/commit/77ec2354e8f46d5ef149d1dcaf25f51c04149137",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/turt2live/matrix-media-repo/commit/77ec2354e8f46d5ef149d1dcaf25f51c04149137"
},
{
"name": "https://github.com/turt2live/matrix-media-repo/commit/bf8abdd7a5371118e280c65a8e0ec2b2e9bdaf59",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/turt2live/matrix-media-repo/commit/bf8abdd7a5371118e280c65a8e0ec2b2e9bdaf59"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:57:19.688359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:03:33.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "matrix-media-repo",
"vendor": "turt2live",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T19:51:20.011Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-5crw-6j7v-xc72",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-5crw-6j7v-xc72"
},
{
"name": "https://github.com/turt2live/matrix-media-repo/commit/77ec2354e8f46d5ef149d1dcaf25f51c04149137",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/turt2live/matrix-media-repo/commit/77ec2354e8f46d5ef149d1dcaf25f51c04149137"
},
{
"name": "https://github.com/turt2live/matrix-media-repo/commit/bf8abdd7a5371118e280c65a8e0ec2b2e9bdaf59",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/turt2live/matrix-media-repo/commit/bf8abdd7a5371118e280c65a8e0ec2b2e9bdaf59"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script",
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script"
}
],
"source": {
"advisory": "GHSA-5crw-6j7v-xc72",
"discovery": "UNKNOWN"
},
"title": "Unsafe media served inline on download endpoints in matrix-media-repo"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41318",
"datePublished": "2023-09-08T19:51:20.011Z",
"dateReserved": "2023-08-28T16:56:43.365Z",
"dateUpdated": "2024-09-26T14:03:33.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29453 (GCVE-0-2021-29453)
Vulnerability from cvelistv5 – Published: 2021-04-19 18:55 – Updated: 2024-08-03 22:02
VLAI?
Title
Denial of service through memory exhaustion
Summary
matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability.
Severity ?
5.7 (Medium)
CWE
- CWE-400 - {"CWE-400":"Uncontrolled Resource Consumption"}
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| turt2live | matrix-media-repo |
Affected:
<= 1.2.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "matrix-media-repo",
"vendor": "turt2live",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T18:55:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7"
}
],
"source": {
"advisory": "GHSA-j889-h476-hh9h",
"discovery": "UNKNOWN"
},
"title": "Denial of service through memory exhaustion",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29453",
"STATE": "PUBLIC",
"TITLE": "Denial of service through memory exhaustion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "matrix-media-repo",
"version": {
"version_data": [
{
"version_value": "\u003c= 1.2.6"
}
]
}
}
]
},
"vendor_name": "turt2live"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h",
"refsource": "CONFIRM",
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h"
},
{
"name": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated",
"refsource": "MISC",
"url": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated"
},
{
"name": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7",
"refsource": "MISC",
"url": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7"
}
]
},
"source": {
"advisory": "GHSA-j889-h476-hh9h",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29453",
"datePublished": "2021-04-19T18:55:13.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}