CVE-2024-51750

CVSS V2 None CVSS V3 None

Description

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85.

Overview

CVE ID
CVE-2024-51750

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-11-12T16:34:27.928Z

Last Modified Date
2024-11-12T17:12:21.715Z

Weakness Enumerations

CWE	URL
CWE-248	http://cwe.mitre.org/data/definitions/248.html

References

Reference URL	Reference Tags
https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc	x_refsource_CONFIRM
https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-51750
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51750

History

Created	Old Value	New Value	Data Type	Notes
2024-11-13 13:06:34				Added to TrackCVE