Add entries to Security Hall of Fame

matrix-org · Aug 30, 2024 · e7ce6ba · e7ce6ba
1 parent be3e9de
commit e7ce6ba
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
@@ -1,3 +1,30 @@
+[[findings]]
+date = "2024-05-26"
+reporter.name = "Charlotte"
+reporter.link = "https://github.com/DarkKirb"
+summary = """
+Found room preview settings were controllable by the homeserver.
+"""
+project = "Matrix JS SDK"
+
+[[findings]]
+date = "2024-05-26"
+reporter.name = "morguldir"
+reporter.link = "https://github.com/morguldir/"
+summary = """
+Discovered a way to freeze clients using the Matrix JS SDK by crafting a room with itself as its predecessor (CVE-2024-42369 / GHSA-vhr5-g3pm-49fm).
+"""
+project = "Matrix JS SDK"
+
+[[findings]]
+date = "2024-04-25"
+reporter.name = "Johannes Marbach"
+reporter.link = "https://github.com/Johennes"
+summary = """
+Identified a method to supply arbitrary parameter to sonar-scanner.
+"""
+project = "matrix-org/sonarcloud-workflow-action"
+
 [[findings]]
 date = "2023-07-31"
 reporter.name = "Martin Schobert, Pentagrid AG"