In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim

Impact

The Pinecone Simulator (pineconesim) included in Pinecone up to commit matrix-org/pinecone@ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconsim.

Patches

Commit matrix-org/pinecone@218b280 contains the fixes.

Workarounds

N/A

For more information

If you have any questions or comments about this advisory, please email us at security at matrix.org.

References

davidegirardi published to matrix-org/pinecone Mar 4, 2025

Published by the National Vulnerability Database Mar 4, 2025

Published to the GitHub Advisory Database Mar 4, 2025

Reviewed Mar 4, 2025

Last updated Mar 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

For more information

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

CVE ID

GHSA ID

Source code

Credits