Impact
The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message.
See GHSA-52rh-5rpj-c3w6 for details.
Patches
The vulnerability has been patched in matrix-appservice-irc 0.33.2.
Workarounds
Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms.
References
Credits
Discovered by Val Lorentz.
For more information
If you have any questions or comments about this advisory email us at [email protected].
Impact
The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message.
See GHSA-52rh-5rpj-c3w6 for details.
Patches
The vulnerability has been patched in matrix-appservice-irc 0.33.2.
Workarounds
Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms.
References
Credits
Discovered by Val Lorentz.
For more information
If you have any questions or comments about this advisory email us at [email protected].