CVE-2024-51749
LOWDescription
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-51749? +
How severe is CVE-2024-51749? +
How do I check if I'm vulnerable to CVE-2024-51749? +
Related Vulnerabilities
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened …
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the …
User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened …
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's …
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into …