Sandbox Restrictions Bypass

matrix-react-sdk is vulnerable to sandbox restrictions bypass. The vulnerability exists due to the redundant lockOrigin parameter from usercontent, allowing an attacker to use the user content sandbox to trick users into opening unexpected documents with a blob origin...

Sandbox Breakout

Overview In matrix-react-sdk before version 3.15.0 the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so messages and secrets are not at risk. Recommendation Upgrade to version 3.15...

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

matrix-react-sdk 数据伪造问题漏洞

Travis Ralston matrix-react-sdk is an open source application by Travis Ralston. It is used to insert the Matrix chat/voice client into web pages. A security vulnerability exists in matrix-react-sdk before version 3.15.0, which stems from the possibility that user content sandboxing could be abus...