2 matches found
CVE-2023-41318 Unsafe media served inline on download endpoints in matrix-media-repo
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...
CVE-2023-41318
CVE-2023-41318 affects matrix-media-repo and concerns an SVG/script execution vulnerability when a malicious media is uploaded and served with Content-Disposition: inline. Affected component is the matrix-media-repo media repository; the underlying cause is unsafe handling of media that can lead ...