OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-09 13:09:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add matrix-sdk-crypto (#1550)

Browse Source 
* Add matrix-sdk-crypto

* Oops filename

* Fix URL
This commit is contained in:
pinkforest(she/her)
2023-02-02 22:32:39 +11:00
committed by GitHub
parent 9649b3d615
commit faeab0e649
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/matrix-sdk-crypto/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "matrix-sdk-crypto"
date = "2022-09-29"
url = "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb"
references = ["https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd"]
aliases = ["CVE-2022-39252", "GHSA-vp68-2wrm-69qm"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
[versions]
patched = [">= 0.6.0"]
```
# matrix-sdk Impersonation of room keys
When the user receives a forwarded room key, the software accepts it without
checking who the room key came from. This allows homeservers to try to insert
room keys of questionable validity, potentially mounting an impersonation attack.