CVE-2021-21320: Insufficient Verification of Data Authenticity

March 2, 2021 (updated March 8, 2021)

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so messages and secrets are not at risk.

References

nvd.nist.gov/vuln/detail/CVE-2021-21320

Detect and mitigate CVE-2021-21320 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →