Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User content sandbox can be confused into opening arbitrary documents
Vulnerability Description
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
matrix-react-sdk 数据伪造问题漏洞
Vulnerability Description
Travis Ralston matrix-react-sdk是 (Travis Ralston)开源的一个应用软件。用于将Matrix聊天/语音客户端插入网页。 matrix-react-sdk before version 3.15.0 存在安全漏洞,该漏洞源于用户内容沙箱可能会被滥用来欺骗用户打开意外的文档。
CVSS Information
N/A
Vulnerability Type
N/A