Impact
A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them.
Even if the CVSS score would be 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L) we classify this as High severity issue.
Patches
This was patched in Element Web and Desktop 1.11.85.
Workarounds
None.
References
N/A.
Impact
A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them.
Even if the CVSS score would be 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L) we classify this as High severity issue.
Patches
This was patched in Element Web and Desktop 1.11.85.
Workarounds
None.
References
N/A.