CVE-2024-50336

Publication date 12 November 2024

Last updated 3 February 2026


Ubuntu priority

Description

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.

Status

Package             Ubuntu Release    Status
node-matrix-js-sdk  25.10 questing    Not in release
node-matrix-js-sdk  25.04 plucky      Not in release
node-matrix-js-sdk  24.10 oracular    Ignored end of life, was needs-triage
node-matrix-js-sdk  24.04 LTS noble   Needs evaluation
node-matrix-js-sdk  22.04 LTS jammy   Needs evaluation
node-matrix-js-sdk  20.04 LTS focal   Needs evaluation
firefox             25.10 questing    Not affected
firefox             24.04 LTS noble   Not affected
firefox             22.04 LTS jammy   Not affected
thunderbird         25.10 questing    Not affected
thunderbird         24.04 LTS noble   Not affected
thunderbird         22.04 LTS jammy   Fixed 1:140.7.1+build1-0ubuntu0.22.04.1
mozjs38             25.10 questing    Not in release
mozjs38             24.04 LTS noble   Not in release
mozjs38             22.04 LTS jammy   Not in release
mozjs38             18.04 LTS bionic  Needs evaluation
mozjs52             25.10 questing    Not in release
mozjs52             24.04 LTS noble   Not in release
mozjs52             22.04 LTS jammy   Not in release
mozjs52             20.04 LTS focal   Ignored
mozjs52             18.04 LTS bionic  Ignored
mozjs68             25.10 questing    Not in release
mozjs68             24.04 LTS noble   Not in release
mozjs68             22.04 LTS jammy   Not in release
mozjs68             20.04 LTS focal   Ignored
mozjs78             25.10 questing    Not in release
mozjs78             24.04 LTS noble   Not in release
mozjs78             22.04 LTS jammy   Ignored
mozjs91             25.10 questing    Not in release
mozjs91             24.04 LTS noble   Not in release
mozjs91             22.04 LTS jammy   Ignored
mozjs102            25.10 questing    Not in release
mozjs102            24.04 LTS noble   Ignored
mozjs102            22.04 LTS jammy   Ignored
mozjs115            25.10 questing    Not in release
mozjs115            24.04 LTS noble   Ignored
mozjs115            22.04 LTS jammy   Not in release