A vulnerability was found in matrix-appservice-irc up to 0.35.1. This vulnerability affects the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component.

Affected Packages

npm matrix-appservice-irc

Affected versions: 0 (fixed in 0.36.0)

Related CVEs

CVE-2022-3971

Key Information

GHSA ID

GHSA-ffwf-47x2-jpr8

Published

November 13, 2022 12:00 PM

Last Modified

November 17, 2022 8:15 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

matrix-appservice-irc

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.