Home > Vulnerability Database > WS-2021-0107

Mend.io Vulnerability Database

WS-2021-0107

Good to know:

Date: May 17, 2021

In matrix-react-sdk before 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file, but only after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users.

Language: TYPE_SCRIPT

Severity Score

5.9

Related Resources (2)

Url: https://github.com/matrix-org/matrix-react-sdk/commit/45acf70b00cb0c51740455d09164b1c3c033b5f3

Url: https://www.mend.io/vulnerability-database/WS-2021-0107

Severity Score

5.9

Weakness Type (CWE)

Code Injection

CWE-94

OS Command Injections

CWE-78

Top Fix

Upgrade Version

Upgrade to version matrix-react-sdk - 3.21.0

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2021-0107

Good to know:

Date: May 17, 2021

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?