{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51750", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-31T14:12:45.790Z", "datePublished": "2024-11-12T16:34:27.928Z", "dateUpdated": "2024-11-12T17:12:21.715Z"}, "containers": {"cna": {"title": "Element allows a malicious homeserver can modify events leading to unrenderable events or rooms", "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "lang": "en", "description": "CWE-248: Uncaught Exception", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc"}, {"name": "https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48", "tags": ["x_refsource_MISC"], "url": "https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48"}], "affected": [{"vendor": "element-hq", "product": "element-web", "versions": [{"version": "< 1.11.85", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-12T16:34:27.928Z"}, "descriptions": [{"lang": "en", "value": "Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85."}], "source": {"advisory": "GHSA-w36j-v56h-q9pc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T17:12:11.203871Z", "id": "CVE-2024-51750", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T17:12:21.715Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85."}, {"lang": "es", "value": "Element es un cliente web de Matrix creado con el SDK de Matrix React. Un servidor dom\u00e9stico malintencionado puede enviar mensajes no v\u00e1lidos a trav\u00e9s de la federaci\u00f3n, lo que puede impedir que Element Web and Desktop muestre mensajes individuales o toda la sala que los contiene. Esto se solucion\u00f3 en Element Web and Desktop 1.11.85."}], "id": "CVE-2024-51750", "lastModified": "2024-11-13T17:01:58.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-11-12T17:15:10.130", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48"}, {"source": "security-advisories@github.com", "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}