GHSA-52mq-6jcv-j79x

Published: 03 Mar 2021
Source: github
GitHub: reviewed
CVSS3: 2.6

Description

User content sandbox can be confused into opening arbitrary documents

Impact

The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets.

Patches

This has been fixed by https://github.com/matrix-org/matrix-react-sdk/pull/5657, which is included in 3.15.0.

Workarounds

There are no known workarounds.

Packages

Name: matrix-react-sdk
Ecosystem: npm
Affected versions: < 3.15.0
Fixed version: 3.15.0

EPSS

Percentile: 40%
Score: 0.00185
Low

CVSS3

2.6 Low

Weaknesses

CWE-345

Related vulnerabilities

CVSS3: 2.6
nvd
almost 5 years ago

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.

EPSS

Percentile: 40%
Score: 0.00185
Low

CVSS3

2.6 Low

Weaknesses

CWE-345