Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Element's thumbnails can be abused to misrepresent the content of an attachment
Vulnerability Description
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
关键信息的UI错误表达
Vulnerability Title
Element 安全漏洞
Vulnerability Description
Element是Element开源的一个 Matrix 网络协作客户端。 Element 1.11.85之前版本存在安全漏洞,该漏洞源于没有检查附件、贴纸和图片的缩略图是否连贯。
CVSS Information
N/A
Vulnerability Type
N/A