How severe is CVE-2022-36060?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-36060?

This is classified as CWE-1321, which is a common weakness in software security.

CVE-2022-36060 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. This issue has been fixed in matrix-react-sdk 3.53.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2020-7600

MEDIUM

CVSS:5.3(Medium)

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused ...

CWE-13212020

CVE-2020-7608

MEDIUM

CVSS:5.3(Medium)

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

CWE-13212020

CVE-2020-7616

MEDIUM

CVSS:5.3(Medium)

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation...

CWE-13212020

CVE-2020-7618

MEDIUM

CVSS:5.3(Medium)

sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.

CWE-13212020

CVE-2020-7637

MEDIUM

CVSS:5.3(Medium)

class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __pro...

CWE-13212020

CVE-2020-7638

MEDIUM

CVSS:5.3(Medium)

confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.

CWE-13212020