Lucene search

3660 matches found

vulnersOsv
added 2021/03/03 2:23 a.m. | 2 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-21320 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-21320 Source advisory: OSV:GHSA-52MQ-6JCV-J79X...

CVSS 4.3 | AI score 5.8 | EPSS 0.00922
Exploits: 0
Github Security Blog
added 2021/03/03 2:23 a.m. | 45 views

User content sandbox can be confused into opening arbitrary documents

Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. Patches This has bee...

CVSS 4.3 | AI score 1.9 | EPSS 0.00922
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2021/03/02 3:15 a.m. | 11 views

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

CVSS 4.3 | EPSS 0.00922
Exploits: 0 | References: 4
OSV
added 2021/03/02 3:15 a.m. | 11 views

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

CVSS 4.3 | AI score 4.7
Exploits: 0 | References: 4
ATTACKERKB
added 2021/03/02 3:15 a.m. | 2 views

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

CVSS 4.3 | AI score 5.4 | EPSS 0.00922
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2021/03/02 3:15 a.m. | 17 views

Code injection

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

CVSS 4.3 | AI score 4.6 | EPSS 0.00922
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2021/03/02 2:45 a.m. | 20 views

CVE-2021-21320 User content sandbox can be confused into opening arbitrary documents

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

CVSS 2.6 | AI score 4.9 | EPSS 0.00922
Exploits: 0 | References: 4
CVE
added 2021/03/02 2:45 a.m. | 92 views

CVE-2021-21320

CVE-2021-21320 affects the matrix-react-sdk (Matrix React SDK) before version 3.15.0, where the user content sandbox could be abused to trigger opening unexpected documents. The issue involves a blob-origin handling scenario that, per sources, cannot access Matrix user data, so messages and secre...

CVSS 4.3 | AI score 4.2 | EPSS 0.00922
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2021/03/02 12:0 a.m. | 10 views

Matrix Synapse Denial of Service Vulnerability (CNVD-2021-15493)

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A denial of service vulnerability exists in Synapse versions prior to 1.25.0, which stems from a malicious homeserver that redirects requests to a large file, which could lead to a denial of service...

CVSS 6.5 | AI score 6.4 | EPSS 0.02164
Exploits: 0 | References: 1
vulnersOsv
added 2021/03/01 7:34 p.m. | 4 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +5 more potentially affected by CVE-2021-21274 via matrix-synapse (=1.153.0)

matrix-synapse PYPI version =1.153.0 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - matrix-server-isenguard =0.1.1, =0.1.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21274 Source advisory:...

CVSS 6.5 | AI score 6.5 | EPSS 0.02164
Exploits: 0
Veracode
added 2021/03/01 7:37 a.m. | 21 views

Denial Of Service (DoS)

matrix-synapse is vulnerable to denial of service. A malicious homeserver is able to redirect requests to a very large .well-known file that leads to a denial of service condition where homeservers will consume significantly more resources when requesting the malicious .well-known file...

CVSS 6.5 | AI score 2.7 | EPSS 0.02164
Exploits: 0 | References: 6 | Affected Software: 1
CNNVD
added 2021/03/01 12:0 a.m. | 6 views

matrix-react-sdk data forgery vulnerability

Travis Ralston matrix-react-sdk is an open source application by Travis Ralston. It is used to insert the Matrix chat/voice client into web pages. A security vulnerability exists in matrix-react-sdk before version 3.15.0, which stems from the possibility that user content sandboxing could be abus...

CVSS 4.3 | AI score 5.1 | EPSS 0.00922
Exploits: 0 | References: 6
Veracode
added 2021/02/28 1:21 a.m. | 29 views

Denial Of Service (DoS)

matrix-synapse is vulnerable to denial of service DoS. The vulnerability exists as a malicious homeserver could redirect requests to their .well-known file to a large file...

CVSS 6.5 | AI score 2 | EPSS 0.02164
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2021/02/26 6:15 p.m. | 13 views

CVE-2021-21274

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5 | EPSS 0.02164
Exploits: 0 | References: 5
NVD
added 2021/02/26 6:15 p.m. | 22 views

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS 6.1 | EPSS 0.01809
Exploits: 0 | References: 5
OSV
added 2021/02/26 6:15 p.m. | 17 views

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 5
OSV
added 2021/02/26 6:15 p.m. | 23 views

CVE-2021-21274

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 5
OSV
added 2021/02/26 6:15 p.m. | 3 views

DEBIAN-CVE-2021-21274

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5 | AI score 6.6 | EPSS 0.02164
Exploits: 0 | References: 1
UbuntuCve
added 2021/02/26 6:15 p.m. | 26 views

CVE-2021-21274

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5 | AI score 6.6 | EPSS 0.02164
Exploits: 0 | References: 5
vulnersOsv
added 2021/02/26 6:15 p.m. | 3 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21273 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21273 Source advisory: OSV:PYSEC-2021-131...

CVSS 6.1 | AI score 6.3 | EPSS 0.01809
Exploits: 0