Information disclosure in Matrix-org Matrix-react-sdk

CVE-2024-47824

matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message ke…

Vulnerability class: Information Disclosure

EPSS: 0.007 (46.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-47824?
CVE-2024-47824 is a vulnerability in Matrix-org Matrix-react-sdk, classified under Information Disclosure. Published 2024-10-15.
Is CVE-2024-47824 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.