7.2

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-36060

GHSA ID

GHSA-2x9c-qwgf-94xr

EPSS Score

0.40509%

CWE

CWE-1321

Published

3/28/2023

Updated

3/28/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-36060

CVE-2022-36060: matrix-react-sdk Prototype pollution vulnerability

Impact

Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.

Patches

This is fixed in matrix-react-sdk 3.53.0

Workarounds

There are no workarounds. Please upgrade immediately.

References

https://learn.snyk.io/lessons/prototype-pollution/javascript/

For more information

If you have any questions or comments about this advisory please email us at security at matrix.org.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-36060

CVE-2022-36060:

7.2

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-36060

GHSA ID

GHSA-2x9c-qwgf-94xr

EPSS Score

0.40509%

CWE

CWE-1321

Published

3/28/2023

Updated

3/28/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
matrix-react-sdk	npm	< 3.53.0	3.53.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.2

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-36060: matrix-react-sdk Prototype pollution vulnerability

Impact

Patches

Workarounds

References

For more information

CVE-2022-36060:

7.2

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

7.2

7.2

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-36060: matrix-react-sdk Prototype pollution vulnerability

Impact

Patches

Workarounds

References

For more information

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI