Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/turt2live/matrix-media-repo: CVE-2023-41318 #2056

Closed
GoVulnBot opened this issue Sep 8, 2023 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/turt2live/matrix-media-repo: CVE-2023-41318 #2056

GoVulnBot opened this issue Sep 8, 2023 · 1 comment
Assignees
@timothy-king
Labels
duplicate

Comments

@GoVulnBot
Copy link

CVE-2023-41318 references github.com/turt2live/matrix-media-repo, which may be a Go module.

Description:
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits 77ec235 and bf8abdd fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the Content-Disposition header returned by matrix-media-repo as a workaround.

References:

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/turt2live/matrix-media-repo
      vulnerable_at: 1.3.0
      packages:
        - package: matrix-media-repo
description: |-
    matrix-media-repo is a highly customizable multi-domain media repository for the
    Matrix chat ecosystem. In affected versions an attacker could upload a malicious
    piece of media to the media repo, which would then be served with
    `Content-Disposition: inline` upon download. This vulnerability could be
    leveraged to execute scripts embedded in SVG content. Commits `77ec235` and
    `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should
    upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should
    override the `Content-Disposition` header returned by matrix-media-repo as a
    workaround.
cves:
    - CVE-2023-41318
references:
    - advisory: https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-5crw-6j7v-xc72
    - fix: https://github.com/turt2live/matrix-media-repo/commit/77ec2354e8f46d5ef149d1dcaf25f51c04149137
    - fix: https://github.com/turt2live/matrix-media-repo/commit/bf8abdd7a5371118e280c65a8e0ec2b2e9bdaf59
    - web: https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script
@timothy-king timothy-king self-assigned this Sep 8, 2023
@timothy-king
Copy link
Contributor

Duplicate of #2053

@timothy-king timothy-king marked this as a duplicate of #2053 Sep 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timothy-king timothy-king

Labels
duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@timothy-king @GoVulnBot