CVE-2024-51750

Published Nov 12, 2024

Last updated 4 days ago

CVSS medium 5.0

Overview

Description
Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5
Impact score
1.4
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-248

Social media

Hype score
Not currently trending

  1. CVE-2024-51750 Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and De… https://t.co/yiEmjUPhNO

    @CVEnew

    12 Nov 2024

    242 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References