Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-52mq-6jcv-j79x

GitHub Security Advisory

User content sandbox can be confused into opening arbitrary documents

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

### Impact

The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a `blob` origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets.

### Patches

This has been fixed by https://github.com/matrix-org/matrix-react-sdk/pull/5657, which is included in 3.15.0.

### Workarounds

There are no known workarounds.

Affected Packages

npm matrix-react-sdk
Affected versions: 0 (fixed in 3.15.0)

Related CVEs

CVE-2021-21320

Key Information

GHSA ID
GHSA-52mq-6jcv-j79x
Published
March 3, 2021 2:23 AM
Last Modified
April 14, 2021 7:07 PM
CVSS Score
2.5 /10
Primary Ecosystem
npm
Primary Package
matrix-react-sdk
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.