Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-s9bd-8czt-fbcg |
|---|
| Summary | File upload local preview can run embedded scripts after user interaction
### Impact
When uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file, but only after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users.
### Patches
This has been fixed by https://github.com/matrix-org/matrix-react-sdk/pull/5981, which is included in 3.21.0.
### Workarounds
There are no known workarounds. |
|---|
| Aliases |
| 0 |
| alias |
GHSA-8796-gc9j-63rv |
|
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
|
|---|
| References |
|
|---|
| Weaknesses |
| 0 |
| cwe_id |
74 |
| name |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| description |
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
|
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 4.0 - 6.9 |
|---|
| Exploitability | null |
|---|
| Weighted_severity | null |
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-s9bd-8czt-fbcg |
|---|