Matrix Rust SDK SQL Injection Vulnerability in EventCache Method

Vulnerability

A SQL injection vulnerability has been identified in the Matrix Rust SDK, specifically in versions 0.11 and 0.12. The issue arises in the EventCache::find_event_with_relations method, where malicious room members can execute arbitrary SQL commands. Affected are Matrix clients that use the default SQLite-based store backend and pass relation types supplied by those room members directly into the method. Exploitation is unlikely because no known clients currently use the API in this way.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, potentially leading to unauthorized data access or manipulation within the application's database.

Remediation

Users can upgrade to Matrix Rust SDK version 0.13 or later to address this vulnerability. Alternatively, when using versions 0.11 or 0.12, the issue can be mitigated by passing only trusted or sanitized relation types to the filter argument of the EventCache::find_event_with_relations() method.
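
One way to apply the 0.11 / 0.12 mitigation is to validate every relation type before it is passed on. The Rust code below is an added example, not code from the Matrix Rust SDK or from this advisory; it works on plain strings and does not call the SDK. The function and type names, the length cap and the accepted grammar for custom relation types are assumptions.

```rust
// Added example, not SDK code: vet relation types before they reach the
// `filter` argument on SDK 0.11 / 0.12. All names here are hypothetical.

/// Relation types defined by the Matrix specification.
const KNOWN_REL_TYPES: &[&str] = &["m.annotation", "m.reference", "m.replace", "m.thread"];

/// Length cap for custom relation types (value chosen for this example).
const MAX_REL_TYPE_LEN: usize = 64;

/// Carries the first value that failed validation.
#[derive(Debug, PartialEq)]
pub struct RejectedRelationType(pub String);

/// Accepts spec-defined types, or custom identifiers made only of ASCII
/// letters, digits, '.', '_' and '-' (assumed grammar: no quotes, whitespace
/// or other SQL punctuation can pass).
fn is_safe_rel_type(s: &str) -> bool {
    if KNOWN_REL_TYPES.contains(&s) {
        return true;
    }
    !s.is_empty()
        && s.len() <= MAX_REL_TYPE_LEN
        && s.bytes().all(|b| b.is_ascii_alphanumeric() || matches!(b, b'.' | b'_' | b'-'))
}

/// Returns the de-duplicated filter to pass on, or fails closed on the first
/// value that must not be forwarded. Nothing is escaped or rewritten.
pub fn sanitize_relation_filter(untrusted: &[&str]) -> Result<Vec<String>, RejectedRelationType> {
    let mut out: Vec<String> = Vec::new();
    for raw in untrusted {
        if !is_safe_rel_type(raw) {
            return Err(RejectedRelationType((*raw).to_string()));
        }
        if !out.iter().any(|seen| seen.as_str() == *raw) {
            out.push((*raw).to_string());
        }
    }
    Ok(out)
}

fn main() {
    // Constructed inputs standing in for values taken from room events.
    println!("{:?}", sanitize_relation_filter(&["m.replace", "org.example.poll", "m.replace"]));
    println!("{:?}", sanitize_relation_filter(&["m.thread", "m.replace' x"]));
}
```

Rejecting the whole request on the first bad value, rather than dropping or escaping it, keeps untrusted input out of the store entirely and gives the caller a value to log.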

Added: Jul 10, 2025, 8:48 PM
Updated: Jul 10, 2025, 8:48 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.