CVE-2024-50336: matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via…

CVE-2024-50336 [MEDIUM] CVE-2024-50336: matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.

CVE-2024-50336 [MEDIUM] CWE-22 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal ### Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. ### Details The Matrix specification demands homeservers to [perform validation](https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5) of the `server-name` and `media-id` components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent *client-side* path traversal. matrix-js-sdk fails to perform this validation. ### Patches Fixed

CVE-2024-50336 [MEDIUM] matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal ### Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. ### Details The Matrix specification demands homeservers to [perform validation](https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5) of the `server-name` and `media-id` components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent *client-side* path traversal. matrix-js-sdk fails to perform this validation. ### Patches Fixed

CVE-2025-8031 Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2024-50336 [MEDIUM] CVE-2024-50336: node-matrix-js-sdk - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. m... matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1. Scope: local bullseye: open

CVE-2024-50336 [MEDIUM] Mozilla Foundation Security Advisory 2024-69: CVE-2024-50336 Mozilla Foundation Security Advisory 2024-69 CVE: CVE-2024-50336 Product: Thunderbird Impact: moderate Fixed in: Thunderbird 128.5.2

CVE-2024-50336 [MEDIUM] Mozilla Foundation Security Advisory 2025-04: CVE-2024-50336 Mozilla Foundation Security Advisory 2025-04 CVE: CVE-2024-50336 Product: Thunderbird Impact: high Fixed in: Thunderbird 134

CVE-2024-50336 [MEDIUM] Update matrix-js-sdk to v34.11.0 Update matrix-js-sdk to v34.11.0 Disclosed today: > We are notifying you of a planned security release of matrix-js-sdk, scheduled for 2024-11-12 to address a Moderate (MATRIXSEC-2021-1083, CVE-2024-50336) severity issue. The fixes will be released in matrix-js-sdk 34.11.0. Not sure what it will be or if we’ll be affected. We’re currently using v34.3.1 on Daily and v31.4.0 on ESR 128. Discussion: Created attachment 9436819 Bug 1929264 - Update matrix-js-sdk to v34.11.1. r=clokep Also bump dependencies --- The vulnerability affects us for links to attachments and the URLs we use to load avatars for users and rooms. The avatars are if anything the more important vector probably, though I'd expect it to be less useful since we load them as images (so we only make a flat GET request).