Information disclosure in Matrix-org Matrix-react-sdk
CVE-2024-47824
matrix-react-sdk is a React-based software development kit for inserting a Matrix chat/VoIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message ke…
Vulnerability class: Information Disclosure
EPSS: 0.007 (46.9th percentile)
Affected products
- Matrix-org Matrix-react-sdk — versions >= 3.18.0, < 3.102.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2024-47824?
- CVE-2024-47824 is a vulnerability in Matrix-org Matrix-react-sdk, classified under Information Disclosure. Published 2024-10-15.
- Is CVE-2024-47824 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.