CVE-2024-51749

Source
https://cve.org/CVERecord?id=CVE-2024-51749
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51749.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-51749
Aliases
  • GHSA-5486-384g-mcx2
Published
2024-11-12T16:34:21.603Z
Modified
2025-12-05T07:18:59.964329Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
Element's thumbnails can be abused to misrepresent the content of an attachment
Details

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check whether thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in element-web 1.11.85.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-451"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/51xxx/CVE-2024-51749.json"
}
References

Affected packages

Git / github.com/element-hq/element-web

Affected ranges

Type
GIT
Repo
https://github.com/element-hq/element-web
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
no-media-devices-release
v0.*
v0.0.2
v0.1.2
v0.10.0
v0.10.0-rc.2
v0.10.1
v0.10.2
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.1
v0.11.2
v0.11.2-rc.1
v0.11.2-rc.2
v0.11.3
v0.11.4
v0.12.0-rc.1
v0.12.1
v0.12.1-rc.1
v0.12.2
v0.12.3
v0.12.3-rc.1
v0.12.3-rc.2
v0.12.3-rc.3
v0.12.4
v0.12.4-rc.1
v0.12.5
v0.12.6
v0.12.7
v0.12.7-rc.1
v0.12.7-rc.2
v0.12.7-rc.3
v0.13.0
v0.13.0-rc.1
v0.13.0-rc.2
v0.13.0-rc.3
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.1
v0.14.2
v0.14.2-rc.1
v0.14.2-rc.2
v0.14.2-rc.3
v0.14.3-rc.1
v0.15.0
v0.15.0-rc.1
v0.15.0-rc.2
v0.15.0-rc.3
v0.15.0-rc.4
v0.15.0-rc.5
v0.15.0-rc.6
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.4-rc.1
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.6-rc.1
v0.15.6-rc.2
v0.15.7
v0.15.7-rc.1
v0.15.7-rc.2
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.1-rc.1
v0.16.2
v0.16.3
v0.16.3-rc.1
v0.16.3-rc.2
v0.16.4
v0.16.4-rc.1
v0.16.5
v0.16.5-rc.1
v0.16.6
v0.17.0
v0.17.0-rc.1
v0.17.1
v0.17.2
v0.17.3
v0.17.3-rc.1
v0.17.4
v0.17.5
v0.17.6
v0.17.6-rc.1
v0.17.6-rc.2
v0.17.7
v0.17.8
v0.17.8-rc.1
v0.17.9
v0.17.9-rc.1
v0.3.0
v0.4.0
v0.4.1
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.4-r1
v0.7.5
v0.7.5-r1
v0.7.5-r2
v0.7.5-r3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.10
v0.9.10-rc.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.6-rc.1
v0.9.7
v0.9.7-rc.1
v0.9.7-rc.2
v0.9.7-rc.3
v0.9.8
v0.9.8-rc.1
v0.9.8-rc.2
v0.9.8-rc.3
v0.9.9
v0.9.9-rc.1
v0.9.9-rc.2
v1.*
v1.0.0
v1.0.0-rc.1
v1.0.0-rc.2
v1.0.1
v1.0.2
v1.0.2-rc.1
v1.0.2-rc.2
v1.0.2-rc.3
v1.0.3
v1.0.4
v1.0.4-rc.1
v1.0.5
v1.0.6
v1.0.6-rc.1
v1.0.7
v1.0.8
v1.1.0
v1.1.0-rc.1
v1.1.1
v1.1.2
v1.10.0
v1.10.1
v1.10.10
v1.10.11
v1.10.11-rc.1
v1.10.12
v1.10.12-rc.1
v1.10.12-rc.2
v1.10.13
v1.10.13-rc.1
v1.10.13-rc.2
v1.10.14
v1.10.14-rc.1
v1.10.15
v1.10.2
v1.10.2-rc.1
v1.10.2-rc.2
v1.10.3
v1.10.4
v1.10.5
v1.10.5-rc.1
v1.10.6
v1.10.7
v1.10.7-rc.1
v1.10.8
v1.10.8-rc.1
v1.10.9
v1.10.9-rc.1
v1.10.9-rc.2
v1.10.9-rc.3
v1.10.9-rc.4
v1.11.0
v1.11.0-rc.1
v1.11.1
v1.11.1-rc.1
v1.11.1-rc.2
v1.11.10
v1.11.11
v1.11.11-rc.1
v1.11.11-rc.2
v1.11.12
v1.11.13
v1.11.14
v1.11.14-rc.1
v1.11.14-rc.2
v1.11.15
v1.11.15-rc.1
v1.11.16
v1.11.16-rc.1
v1.11.16-rc.2
v1.11.17
v1.11.17-rc.1
v1.11.18
v1.11.18-rc.1
v1.11.18-rc.2
v1.11.18-rc.3
v1.11.18-rc.4
v1.11.19
v1.11.2
v1.11.2-rc.1
v1.11.20
v1.11.21
v1.11.21-rc.1
v1.11.22
v1.11.23
v1.11.23-rc.1
v1.11.24
v1.11.24-rc.1
v1.11.24-rc.2
v1.11.25
v1.11.25-rc.1
v1.11.25-rc.2
v1.11.25-rc.3
v1.11.26
v1.11.27
v1.11.28
v1.11.29
v1.11.29-rc.1
v1.11.3
v1.11.3-rc.1
v1.11.3-rc.2
v1.11.30
v1.11.30-rc.1
v1.11.31
v1.11.31-rc.1
v1.11.31-rc.2
v1.11.32
v1.11.32-rc.1
v1.11.32-rc.2
v1.11.32-rc.3
v1.11.33
v1.11.34
v1.11.34+patch.1
v1.11.34-patch.1
v1.11.34-rc1
v1.11.35
v1.11.35-no-media-devices-hotfix
v1.11.35-rc.1
v1.11.36
v1.11.36-rc.1
v1.11.36-rc.2
v1.11.37
v1.11.37-rc.1
v1.11.38
v1.11.39
v1.11.39-rc.1
v1.11.4
v1.11.4-rc.1
v1.11.4-rc.2
v1.11.40
v1.11.40-rc.1
v1.11.41
v1.11.41-rc.1
v1.11.41-rc.2
v1.11.42
v1.11.43
v1.11.44
v1.11.44-rc.1
v1.11.45
v1.11.46
v1.11.46-rc.1
v1.11.46-rc.2
v1.11.47
v1.11.47-rc.1
v1.11.48
v1.11.48-rc.1
v1.11.49
v1.11.5
v1.11.5-rc.1
v1.11.50
v1.11.50-rc.0
v1.11.50-rc.1
v1.11.51
v1.11.51-rc.0
v1.11.52
v1.11.52-rc.0
v1.11.53
v1.11.54
v1.11.54-rc.0
v1.11.55
v1.11.56-rc.0
v1.11.57
v1.11.57-rc.1
v1.11.58
v1.11.58-rc.0
v1.11.58-rc.1
v1.11.59
v1.11.59-rc.0
v1.11.6
v1.11.6-rc.1
v1.11.60
v1.11.60-rc.0
v1.11.61
v1.11.61-rc.0
v1.11.62
v1.11.62-rc.0
v1.11.63
v1.11.64
v1.11.64-rc.0
v1.11.65
v1.11.65-rc.0
v1.11.66
v1.11.66-rc.0
v1.11.66-rc.1
v1.11.67
v1.11.67-rc.0
v1.11.67-rc.1
v1.11.68
v1.11.68-rc.0
v1.11.69
v1.11.69-rc.0
v1.11.69-rc.1
v1.11.7
v1.11.70
v1.11.70-rc.0
v1.11.70-rc.1
v1.11.71
v1.11.71-rc.0
v1.11.72
v1.11.72-rc.0
v1.11.73
v1.11.74
v1.11.74-rc.0
v1.11.75
v1.11.76
v1.11.76-rc.0
v1.11.77
v1.11.77-rc.0
v1.11.78
v1.11.78-rc.0
v1.11.79
v1.11.8
v1.11.80
v1.11.80-rc.0
v1.11.81
v1.11.82
v1.11.82-rc.0
v1.11.83
v1.11.84
v1.11.84-rc.0
v1.11.9
v1.11.9-rc.1
v1.11.9-rc.2
v1.2.0
v1.2.0-rc.1
v1.2.1
v1.2.2
v1.2.2-rc.1
v1.2.2-rc.2
v1.2.3
v1.2.3-rc.1
v1.2.4
v1.3.0
v1.3.0-rc.1
v1.3.0-rc.2
v1.3.0-rc.3
v1.3.1
v1.3.1-rc.1
v1.3.2
v1.3.3
v1.3.4
v1.3.4-rc.1
v1.3.5
v1.3.5-rc.1
v1.3.5-rc.2
v1.3.5-rc.3
v1.3.6
v1.4.0
v1.4.0-rc.1
v1.4.0-rc.2
v1.4.1
v1.4.2
v1.4.2-rc.1
v1.5.0
v1.5.0-rc.1
v1.5.1
v1.5.1-rc.1
v1.5.1-rc.2
v1.5.10
v1.5.11
v1.5.11-rc.1
v1.5.12
v1.5.13
v1.5.13-rc.1
v1.5.14
v1.5.14-rc.1
v1.5.15
v1.5.16-rc.1
v1.5.2
v1.5.3
v1.5.4
v1.5.4-rc.1
v1.5.4-rc.2
v1.5.5
v1.5.6
v1.5.6-rc.1
v1.5.7
v1.5.7-rc.1
v1.5.7-rc.2
v1.5.8
v1.5.8-rc.1
v1.5.8-rc.2
v1.5.9
v1.5.9-rc.1
v1.6.0
v1.6.0-rc.1
v1.6.0-rc.2
v1.6.0-rc.3
v1.6.0-rc.4
v1.6.0-rc.5
v1.6.0-rc.6
v1.6.1
v1.6.1-rc.1
v1.6.2
v1.6.3
v1.6.3-rc.1
v1.6.4
v1.6.5
v1.6.6
v1.6.6-rc.1
v1.6.7
v1.6.8
v1.6.8-rc.1
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.11-rc.1
v1.7.12
v1.7.13
v1.7.13-rc.1
v1.7.14
v1.7.14-rc.1
v1.7.15
v1.7.15-rc.1
v1.7.16
v1.7.16-rc.1
v1.7.17
v1.7.17-rc.1
v1.7.18
v1.7.19
v1.7.19-rc.1
v1.7.2
v1.7.20
v1.7.21
v1.7.21-rc.1
v1.7.22
v1.7.22-rc.1
v1.7.23
v1.7.23-rc.1
v1.7.24
v1.7.24-rc.1
v1.7.25
v1.7.25-rc.1
v1.7.26
v1.7.26-rc.1
v1.7.27
v1.7.27-rc.1
v1.7.28
v1.7.28-rc.1
v1.7.29
v1.7.29-rc.1
v1.7.3
v1.7.3-rc.1
v1.7.30
v1.7.30-rc.1
v1.7.31
v1.7.31-rc.1
v1.7.32
v1.7.32-rc.1
v1.7.33
v1.7.33-rc.1
v1.7.34
v1.7.34-rc.1
v1.7.4
v1.7.4-rc.1
v1.7.5
v1.7.5-rc.1
v1.7.6
v1.7.6-rc.1
v1.7.7
v1.7.8
v1.7.8-rc.1
v1.7.9
v1.7.9-rc.1
v1.8.0
v1.8.0-rc.1
v1.8.1
v1.8.2
v1.8.2-rc.1
v1.8.2-rc.2
v1.8.2-rc.3
v1.8.3-rc.1
v1.8.3-rc.2
v1.8.4
v1.8.5
v1.8.6-rc.1
v1.8.6-rc.2
v1.9.0
v1.9.1
v1.9.1-rc.1
v1.9.1-rc.2
v1.9.10-rc.1
v1.9.10-rc.2
v1.9.2
v1.9.3
v1.9.3-rc.1
v1.9.3-rc.2
v1.9.3-rc.3
v1.9.4
v1.9.4-rc.1
v1.9.5
v1.9.5-rc.1
v1.9.6
v1.9.6-rc.2
v1.9.7
v1.9.8
v1.9.8-rc.1
v1.9.9
v1.9.9-rc.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51749.json"