CVE-2021-32659, GHSA-35g4-qx3c-vjhx
npm/matrix-appservice-bridge
Missing Authentication for Critical Function
If a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts
key when instantiating a new Bridge
instance.), any m.room.tombstone
event it encounters will be used to unbridge the current room and bridge into the target room.
All versions before 2.6.1
Upgrade to version 2.6.1 or above.
2021-07-12
source |