Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:10 p.m.8 views

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

4.3CVSS6.7AI score0.00922EPSS
Exploits0References1
Node.js
Node.js
added 2021/03/03 2:27 a.m.58 views

Sandbox Breakout

Overview In matrix-react-sdk before version 3.15.0 the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so messages and secrets are not at risk. Recommendation Upgrade to version 3.15...

4.3CVSS4.5AI score0.00922EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/03/02 3:15 a.m.17 views

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

4.3CVSS0.00922EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/03/02 3:15 a.m.3 views

CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

4.3CVSS5.4AI score0.00922EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2021/03/02 3:15 a.m.17 views

Code injection

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

4.3CVSS4.6AI score0.00922EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/03/02 2:45 a.m.24 views

CVE-2021-21320 User content sandbox can be confused into opening arbitrary documents

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

2.6CVSS4.9AI score0.00922EPSS
Exploits0References4
Rows per page
Query Builder