matrix-appservice-irc
npm9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting matrix-appservice-ircpage 1 of 1
- CVE-2022-29166HIGHCVSS 8.0EG 8.0✓ Fixed in 0.33.22022-05-05
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has…
- CVE-2022-39202MEDIUMCVSS 4.3EG 4.3✓ Fixed in 0.35.02022-09-13
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affect…
- CVE-2022-39203HIGHCVSS 8.8EG 8.8✓ Fixed in 0.35.02022-09-13
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to…
- CVE-2022-3971MEDIUMCVSS 4.6EG 4.6✓ Fixed in 0.36.02022-11-13
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to…
- CVE-2023-38690MEDIUMCVSS 5.8EG 5.8✓ Fixed in 1.0.12023-08-04
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, wh…
- CVE-2023-38700LOWCVSS 3.5EG 3.5✓ Fixed in 1.0.12023-08-04
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to ta…
- CVE-2024-32000MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.0.02024-04-12
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID th…
- CVE-2024-39691MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.0.12024-07-05
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine wheth…
- CVE-2025-27146LOWCVSS 2.7EG 2.7✓ Fixed in 3.0.42025-02-25
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject co…
Check whether matrix-appservice-irc is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for matrix-appservice-irc CVEs against the assets you own.
Start Free Scan →