CVE-2024-51750

Nov. 13, 2024, 5:01 p.m.

5.0
Medium

Description

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85.

Product(s) Impacted

Product Versions
Element Web
  • 1.11.85
Element Desktop
  • 1.11.85

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-248
Uncaught Exception
An exception is thrown from a function, but it is not caught.

References

https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48
https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc

Tags

security-advisories@github.com
CWE-248
2024-11-12
CVE-2024-51750

CVSS Score

5.0 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

    View Vector String

Timeline

Published: Nov. 12, 2024, 5:15 p.m.
Last Modified: Nov. 13, 2024, 5:01 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.