Lucene search
PRIOn knowledge basePRION:CVE-2021-21320HistoryMar 02, 2021 - 3:15 a.m.
Code injection
2021-03-0203:15:00
PRIOn knowledge base
www.prio-n.com
3
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix-react-sdk | lt | 3.15.0 |
Related
cvelist
cvelist
cve
cve
CVE-2021-21320
2021-03-02 03:15:13
veracode
veracode
Sandbox Restrictions Bypass
2021-03-03 02:54:55
osv
osv
CVE-2021-21320
2021-03-02 03:15:13
User content sandbox can be confused into opening arbitrary documents
2021-03-03 02:23:56
nvd
nvd
CVE-2021-21320
2021-03-02 03:15:13
nodejs
nodejs
Sandbox Breakout
2021-03-03 02:27:35
github
github
User content sandbox can be confused into opening arbitrary documents
2021-03-03 02:23:56