CVE-2021-32659

Missing Authentication for Critical Function in npm/matrix-appservice-bridge

Identifiers

CVE-2021-32659, GHSA-35g4-qx3c-vjhx

Package Slug

npm/matrix-appservice-bridge

Vulnerability

Missing Authentication for Critical Function

Description

If a bridge has room upgrade handling turned on in its configuration (the roomUpgradeOpts key passed when instantiating a new Bridge instance), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room.

Affected Versions

All versions before 2.6.1

Solution

Upgrade to version 2.6.1 or above.
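An exposure check for a bridge deployment, added here as an example (it is not part of the advisory or of the project's code): it reports installed matrix-appservice-bridge versions before 2.6.1 and whether the bridge source sets roomUpgradeOpts. The function names, the sample lockfile and the sample source line are constructed for illustration, and the source scan is a text heuristic, not a parse of the configuration.

```javascript
const PKG = "matrix-appservice-bridge";
const FIXED = [2, 6, 1]; // first fixed version, taken from the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease]"; returns null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when the version sorts before 2.6.1 (a 2.6.1 prerelease counts as before).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // git URL or tag: treat as affected until checked by hand
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre;
}

// Collect every installed copy, including nested ones, from a parsed package-lock.json.
function installedVersions(lock) {
  const found = new Set();
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && meta.version) found.add(meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === PKG && meta.version) found.add(meta.version);
      if (meta && typeof meta === "object") walk(meta.dependencies);
    }
  };
  walk(lock.dependencies);
  return [...found];
}

// Exposed = an affected version is installed AND room upgrade handling is configured.
function assess(lock, sources) {
  const vulnerable = installedVersions(lock).filter(isAffected);
  const upgradeHandling = sources.some((s) => /\broomUpgradeOpts\b/.test(s));
  return { vulnerable, upgradeHandling, exposed: vulnerable.length > 0 && upgradeHandling };
}

// Constructed sample input: one affected copy, one fixed nested copy.
const sampleLock = { lockfileVersion: 2, packages: {
  "node_modules/matrix-appservice-bridge": { version: "2.5.0" },
  "node_modules/other/node_modules/matrix-appservice-bridge": { version: "2.6.1" } } };
const sampleSource = ["new Bridge({ registration: reg, roomUpgradeOpts: upgradeOpts })"];
console.log(assess(sampleLock, sampleSource));
```

A bridge that reports an affected version but no roomUpgradeOpts should still be upgraded, since the option may be set somewhere the text scan does not see.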

Last Modified

2021-07-12
