CVE-2024-51749

Published Nov 12, 2024

Last updated 4 days ago

CVSS low 3.5

Overview

Description
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.5
Impact score
1.4
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

security-advisories@github.com
CWE-451

Social media

Hype score
Not currently trending

  1. CVE-2024-51749 Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, … https://t.co/AId88FzOOr

    @CVEnew

    12 Nov 2024

    250 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References