[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-52602":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":33,"related":34,"reserved_at":9,"published_at":37,"modified_at":38,"state":39,"summary":40,"references_raw":49,"kevs":92,"epss":93,"epss_history":96,"metrics":364,"affected":377},"CVE-2024-52602","Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact, via (local) firewall rules or a transparent proxy, may provide a workaround for users unable to upgrade.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-918","Server-Side Request Forgery (SSRF)","The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-664","Server Side Request 
Forgery",[],[],[25,26],"GHSA-r6jg-jfv6-2fjv","GO-2025-3399",[],[29,31],{"_key":30},"SUSE-SU-2025:0297-1",{"_key":32},"OPENSUSE-SU-2025:14704-1",[],[35,36],{"_key":30},{"_key":32},"2025-01-16T19:14:46.822Z","2025-02-12T20:31:21.571Z","Analyzed",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":42,"epss_score":43,"severity":44,"severity_score":45,"severity_version":46,"severity_source":47,"severity_vector":48,"severity_status":39},false,"low",0.0012,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[50,60,66,71,75,79,83,88],{"url":51,"sources":52,"tags":55},"https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-r6jg-jfv6-2fjv",[53,47,54],"cve.org","osv_go",[56,57,58,59],"X Refsource CONFIRM","Vendor Advisory","WEB","Advisory",{"url":61,"sources":62,"tags":63},"https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8",[53,47,54],[64,65,58],"X Refsource MISC","Release Notes",{"url":67,"sources":68,"tags":69},"https://learn.snyk.io/lesson/ssrf-server-side-request-forgery",[53,47,54],[64,70,58],"Technical 
Description",{"url":72,"sources":73,"tags":74},"https://owasp.org/www-community/attacks/Server_Side_Request_Forgery",[53,47,54],[64,70,58],{"url":76,"sources":77,"tags":78},"https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang",[53,47,54],[64,70,58],{"url":80,"sources":81,"tags":82},"https://nvd.nist.gov/vuln/detail/CVE-2024-52602",[54],[59],{"url":84,"sources":85,"tags":86},"https://github.com/t2bot/matrix-media-repo",[54],[87],"PACKAGE",{"url":89,"sources":90,"tags":91},"https://pkg.go.dev/vuln/GO-2025-3399",[54],[58],[],{"date":94,"score":43,"percentile":95},"2026-06-05",0.30617,[97,101,104,107,110,113,116,119,122,126,129,132,135,138,141,145,148,151,154,157,160,163,166,169,172,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,222,225,228,231,234,237,240,243,245,248,251,254,257,260,263,266,268,271,274,277,280,283,286,289,291,294,297,300,303,306,309,311,314,317,320,322,325,328,331,334,337,340,343,346,349,352,355,358,361],{"date":98,"score":99,"percentile":100},"2025-11-04",0.00141,0.34854,{"date":102,"score":99,"percentile":103},"2025-11-05",0.34842,{"date":105,"score":99,"percentile":106},"2025-11-06",0.34839,{"date":108,"score":99,"percentile":109},"2025-11-07",0.3486,{"date":111,"score":99,"percentile":112},"2025-11-08",0.34855,{"date":114,"score":99,"percentile":115},"2025-11-09",0.34838,{"date":117,"score":99,"percentile":118},"2025-11-10",0.34785,{"date":120,"score":99,"percentile":121},"2025-11-11",0.34815,{"date":123,"score":124,"percentile":125},"2025-11-12",0.00166,0.38165,{"date":127,"score":124,"percentile":128},"2025-11-13",0.38179,{"date":130,"score":124,"percentile":131},"2025-11-14",0.38181,{"date":133,"score":124,"percentile":134},"2025-11-15",0.38176,{"date":136,"score":124,"percentile":137},"2025-11-16",0.38157,{"date":139,"score":124,"percentile":140},"2025-11-17",0.38133,{"date":142,"score":143,"percentile":144},"2025-11-18",0.00211,0.39416,{"date":146,"score":143,"percentile":147},"2025-11-19",0.39424,
{"date":149,"score":143,"percentile":150},"2025-11-20",0.39425,{"date":152,"score":124,"percentile":153},"2025-11-21",0.38137,{"date":155,"score":124,"percentile":156},"2025-11-22",0.38141,{"date":158,"score":124,"percentile":159},"2025-11-23",0.38106,{"date":161,"score":124,"percentile":162},"2025-11-24",0.38094,{"date":164,"score":124,"percentile":165},"2025-11-25",0.38104,{"date":167,"score":124,"percentile":168},"2025-11-26",0.38095,{"date":170,"score":124,"percentile":171},"2025-11-27",0.38103,{"date":173,"score":124,"percentile":174},"2025-11-28",0.38075,{"date":176,"score":124,"percentile":177},"2025-11-29",0.38054,{"date":179,"score":124,"percentile":180},"2025-11-30",0.38041,{"date":182,"score":124,"percentile":183},"2025-12-01",0.38161,{"date":185,"score":124,"percentile":186},"2025-12-02",0.38169,{"date":188,"score":124,"percentile":189},"2025-12-03",0.38167,{"date":191,"score":124,"percentile":192},"2025-12-04",0.38035,{"date":194,"score":124,"percentile":195},"2025-12-05",0.38069,{"date":197,"score":124,"percentile":198},"2025-12-06",0.38067,{"date":200,"score":124,"percentile":201},"2025-12-07",0.38044,{"date":203,"score":124,"percentile":204},"2025-12-08",0.38058,{"date":206,"score":124,"percentile":207},"2025-12-09",0.38099,{"date":209,"score":124,"percentile":210},"2025-12-10",0.38158,{"date":212,"score":124,"percentile":213},"2025-12-11",0.38184,{"date":215,"score":124,"percentile":216},"2025-12-12",0.38218,{"date":218,"score":124,"percentile":219},"2025-12-13",0.38194,{"date":221,"score":124,"percentile":210},"2025-12-14",{"date":223,"score":124,"percentile":224},"2025-12-15",0.38131,{"date":226,"score":124,"percentile":227},"2025-12-16",0.38163,{"date":229,"score":124,"percentile":230},"2025-12-17",0.38208,{"date":232,"score":124,"percentile":233},"2025-12-18",0.38252,{"date":235,"score":124,"percentile":236},"2025-12-19",0.38273,{"date":238,"score":124,"percentile":239},"2025-12-20",0.38255,{"date":241,"score":124,"percentile":242},"2025-12-21",
0.38203,{"date":244,"score":124,"percentile":134},"2025-12-22",{"date":246,"score":124,"percentile":247},"2025-12-23",0.38178,{"date":249,"score":124,"percentile":250},"2025-12-24",0.38192,{"date":252,"score":124,"percentile":253},"2025-12-25",0.38245,{"date":255,"score":124,"percentile":256},"2025-12-26",0.38227,{"date":258,"score":124,"percentile":259},"2025-12-27",0.38249,{"date":261,"score":124,"percentile":262},"2025-12-28",0.38143,{"date":264,"score":124,"percentile":265},"2025-12-29",0.38115,{"date":267,"score":124,"percentile":159},"2025-12-30",{"date":269,"score":124,"percentile":270},"2025-12-31",0.38172,{"date":272,"score":124,"percentile":273},"2026-01-01",0.38325,{"date":275,"score":124,"percentile":276},"2026-01-02",0.38296,{"date":278,"score":124,"percentile":279},"2026-01-03",0.38289,{"date":281,"score":124,"percentile":282},"2026-01-04",0.38124,{"date":284,"score":124,"percentile":285},"2026-01-05",0.38101,{"date":287,"score":124,"percentile":288},"2026-01-06",0.38108,{"date":290,"score":124,"percentile":224},"2026-01-07",{"date":292,"score":124,"percentile":293},"2026-01-08",0.38159,{"date":295,"score":124,"percentile":296},"2026-01-09",0.38152,{"date":298,"score":124,"percentile":299},"2026-01-10",0.38156,{"date":301,"score":124,"percentile":302},"2026-01-11",0.38132,{"date":304,"score":124,"percentile":305},"2026-01-12",0.38083,{"date":307,"score":124,"percentile":308},"2026-01-13",0.38061,{"date":310,"score":124,"percentile":265},"2026-01-14",{"date":312,"score":124,"percentile":313},"2026-01-15",0.38105,{"date":315,"score":124,"percentile":316},"2026-01-16",0.38126,{"date":318,"score":124,"percentile":319},"2026-01-17",0.38091,{"date":321,"score":124,"percentile":180},"2026-01-18",{"date":323,"score":124,"percentile":324},"2026-01-19",0.38006,{"date":326,"score":124,"percentile":327},"2026-01-20",0.37985,{"date":329,"score":124,"percentile":330},"2026-01-21",0.37961,{"date":332,"score":124,"percentile":333},"2026-01-22",0.37947,{"date":335,"sco
re":124,"percentile":336},"2026-01-23",0.38007,{"date":338,"score":124,"percentile":339},"2026-01-24",0.38015,{"date":341,"score":124,"percentile":342},"2026-01-25",0.37958,{"date":344,"score":124,"percentile":345},"2026-01-26",0.3789,{"date":347,"score":124,"percentile":348},"2026-01-27",0.37884,{"date":350,"score":124,"percentile":351},"2026-01-28",0.37873,{"date":353,"score":124,"percentile":354},"2026-01-29",0.37849,{"date":356,"score":124,"percentile":357},"2026-01-30",0.37846,{"date":359,"score":124,"percentile":360},"2026-01-31",0.37844,{"date":362,"score":124,"percentile":363},"2026-02-01",0.37946,[365,372,375],{"source":53,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":366,"cvss_v4_0":9},{"baseScore":367,"baseSeverity":368,"vectorString":369,"impactScore":370,"exploitabilityScore":371},5,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",2.3,7.9,{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":373,"cvss_v4_0":9},{"baseScore":45,"baseSeverity":368,"vectorString":48,"impactScore":370,"exploitabilityScore":374},10,{"source":54,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":376,"cvss_v4_0":9},{"baseScore":367,"baseSeverity":9,"vectorString":369,"impactScore":370,"exploitabilityScore":371},[378,391],{"ecosystem":379,"name":380,"vendor":381,"product":382,"cpe_part":9,"purl_type":383,"purl_namespace":381,"purl_name":382,"source":9,"versions":384},"Go","github.com/t2bot/matrix-media-repo","github.com/t2bot","matrix-media-repo","golang",[385],{"version":386,"is_range":387,"range_type":388,"version_start":9,"version_start_type":9,"version_end":389,"version_end_type":390,"fixed_in":9},"lt1_3_8",true,"semver","1.3.8","excluding",{"ecosystem":9,"name":382,"vendor":392,"product":382,"cpe_part":393,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":394},"t2bot","a",[395],{"version":396,"is_range":387,"range_type":397,"version_start":9,"version_start_type":9,"version_end":389,"version_end_type":390,"fixed_in":9},"lt1.3.8","cpe"]