Package impact
npm / matrix-appservice-bridge
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32659 | medium | — | 5.5 | 5y ago | Automatic room upgrade handling can be used maliciously to bridge a room non-consentually | |||
| CVE-2023-38691 | unknown | — | — | 3y ago | matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs |