CVE-2023-30609

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30609.json",
    "cwe_ids": [
        "CWE-74"
    ]
}

References

Affected packages

Git / github.com/matrix-org/matrix-react-sdk

Affected ranges

Type: GIT
Repo: https://github.com/matrix-org/matrix-react-sdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3992c97fe22aaf7882f132ed8ee178b0a408a09b

Affected versions

v0.*

v0.0.2

v0.1.1

v0.10.2

v0.12.4

v0.12.4-rc.1

v0.12.4-rc.2

v0.12.4-rc.3

v0.12.4-rc.4

v0.12.4-rc.5

v0.12.4-rc.6

v0.12.5

v0.12.6

v0.12.6-rc.1

v0.2.0

v0.3.0

v0.3.1

v0.4.0

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.4-r1

v0.6.5

v0.7.0-rc1

v0.7.0-rc2

v0.7.2

v0.7.3

v0.7.4

v0.7.5-rc.1

v0.8.0

v0.8.2

v0.8.3

v0.8.6-rc.1

v0.8.6-rc.2

v0.9.0

v0.9.0-rc.2

v0.9.1

v1.*

v1.6.1

v1.7.2

v2.*

v2.1.1

v2.2.2

v3.*

v3.0.0

v3.71.0-rc.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30609.json"