What is CVE-2022-36059?

CVE-2022-36059 is a high-severity vulnerability in Matrix-org Matrix-js-sdk, classified under Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution). CVSS score: 8.2/10. Published 2023-03-28.

How severe is CVE-2022-36059?

High severity. CVSS v3 base score is 8.2 out of 10.

Prototype Pollution in Matrix-org Matrix-js-sdk

CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potent…

Vulnerability class: Prototype Pollution

EPSS: 0.003 (49.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H.

Affected products

Matrix-org Matrix-js-sdk — versions < 19.4.0

Weakness classification (CWE)

CWE-1321 — Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution)

References

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-36059?: CVE-2022-36059 is a high-severity vulnerability in Matrix-org Matrix-js-sdk, classified under Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution). CVSS score: 8.2/10. Published 2023-03-28.
How severe is CVE-2022-36059?: High severity. CVSS v3 base score is 8.2 out of 10.