Matrix React Sdk
CVE-2021-32622
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. This vulnerability is patched in version 3.21.0.
AnalysisAI
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-74. Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. This vulnerability is patched in version 3.21.0. Affected products include: Matrix-React-Sdk Project Matrix-React-Sdk. Version information: version 3.21.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Matrix React Sdk
View allmatrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Rated high severity (CVSS 8.2), this vulnerability
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated medium severity (CV
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated medium severity (CV
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Rated medium severity (CV
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. Rated medium severity (CVSS 4.3), this vu
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today