matrix-react-sdk@3.0.0 vulnerabilities

SDK for matrix.org using React

Direct Vulnerabilities

Known vulnerabilities in the matrix-react-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

matrix-react-sdk is a SDK for matrix.org using React

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). When uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading.

How to fix Cross-site Scripting (XSS)?

Upgrade matrix-react-sdk to version 3.21.0 or higher.

<3.21.0
  • L
Sandbox Bypass

matrix-react-sdk is a SDK for matrix.org using React

Affected versions of this package are vulnerable to Sandbox Bypass. The user content sandbox can be abused to trick users into opening unexpected documents. Messages and secrets are not at risk: the content is opened with a blob origin, which cannot access Matrix user data.

How to fix Sandbox Bypass?

Upgrade matrix-react-sdk to version 3.15.0 or higher.

<3.15.0