{"id":"CVE-2024-52505","summary":"matrix-appservice-irc allows IRC Command injection in provisioning API","details":"matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3.","aliases":["GHSA-c3hj-hg7p-rrq5"],"modified":"2026-04-10T05:15:06.689270Z","published":"2024-11-14T15:29:20.132Z","database_specific":{"cwe_ids":["CWE-147"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52505.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52505.json"},{"type":"ADVISORY","url":"https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c3hj-hg7p-rrq5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52505"},{"type":"FIX","url":"https://github.com/matrix-org/matrix-appservice-irc/commit/4a024eae1a992b1ea67e71a998e0b833b54221e2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/matrix-org/matrix-appservice-irc","events":[{"introduced":"0"},{"fixed":"b4377c3ebe408d6cbe6ec0308fdf0097f73f5dbf"}]}],"versions":["0.1.1","0.10.1","0.14.0-rc1","0.14.0-rc2","0.14.0-rc3","0.14.0-rc4","0.15.2","0.20.2","0.21.0","0.21.0-rc3","0.22.0","0.22.0-rc1","0.23.0","0.23.0-fosdem","0.23.0-rc1","0.24.0","0.24.0-rc1","0.25.0-rc1","0.27.0","0.27.0-rc1","0.27.0-rc2","0.27.0-rc3","0.31.0","0.31.0-rc1","0.32.0","0.32.0-rc1","0.32.0-rc2","0.33.0","0.33.0-rc2","0.33.1","0.36.0","0.37.1","0.5.0","0.7.0","0.7.1","1.0.0","1.0.0-rc1","1.0.1","2.0.0","2.0.1","3.0.0","3.0.0-rc1","3.0.1","3.0.2","develop-2019-02-17","develop-2019-11-12","develop-2019-11-15","develop-2019-11-26","develop-2019-11-28","matrix-org-testing","v0.9.0","v0.9.0-rc1","v0.9.1","v3.0.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52505.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}