nodejs Anonymous NODEJS:1646
Mar 03, 2021 - 2:27 a.m.

Sandbox Breakout

2021-03-03 02:27:35
Anonymous
www.npmjs.com
42
matrix-react-sdk
user content sandbox
unexpected documents
blob origin
github advisory
cve-2021-21320

EPSS

0.001

Percentile

38.2%

Overview

In matrix-react-sdk before version 3.15.0 the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so messages and secrets are not at risk.

Recommendation

Upgrade to version 3.15.0 or later.
