Home > Vulnerability Database > WS-2021-0107

Mend.io Vulnerability Database

WS-2021-0107

Good to know:

Date: August 19, 2025

In matrix-react-sdk before 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file, but only after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users.

Language: TYPE_SCRIPT

Severity Score

7.8

Related Resources (4)

Url: https://github.com/matrix-org/matrix-react-sdk/commit/45acf70b00cb0c51740455d09164b1c3c033b5f3

Url: https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-8796-gc9j-63rv

Url: https://github.com/matrix-org/matrix-react-sdk

Url: https://www.mend.io/vulnerability-database/WS-2021-0107

Severity Score

7.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0107

Good to know:

Date: August 19, 2025

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?