Impact
Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.
Patches
This is fixed in matrix-react-sdk 3.53.0
Workarounds
There are no workarounds. Please upgrade immediately.
References
https://learn.snyk.io/lessons/prototype-pollution/javascript/
For more information
If you have any questions or comments about this advisory please email us at security at matrix.org.
Impact
Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.
Patches
This is fixed in matrix-react-sdk 3.53.0
Workarounds
There are no workarounds. Please upgrade immediately.
References
https://learn.snyk.io/lessons/prototype-pollution/javascript/
For more information
If you have any questions or comments about this advisory please email us at security at matrix.org.