{"id":"GO-2025-3397","summary":"matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo","details":"matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo","aliases":["CVE-2024-36402","GHSA-8vmr-h7h5-cqhg"],"modified":"2026-03-03T04:57:09.574916Z","published":"2025-01-16T21:49:03Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3397"},"references":[{"type":"ADVISORY","url":"https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-8vmr-h7h5-cqhg"},{"type":"WEB","url":"https://github.com/matrix-org/matrix-spec-proposals/pull/3916"}],"affected":[{"package":{"name":"github.com/t2bot/matrix-media-repo","ecosystem":"Go","purl":"pkg:golang/github.com/t2bot/matrix-media-repo"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.5"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3397.json"}}],"schema_version":"1.7.3"}