cvedb.io
CVE-2024-52602
MEDIUM · CVSS 5
EPSS exploitation probability: 0%
Published 2025-01-16T20:15:32.503 · Last modified 2026-06-17T08:07:31.890

Summary

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.

Affected products

t2bot — matrix-media-repo

Does this affect you?

Add your gear to cvedb and we'll alert you only when t2bot ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.