CVE-2021-32622: Unrestricted Upload of File with Dangerous Type
Matrix-React-SDK is a React-based SDK for inserting a Matrix chat/VoIP client into a web page. When uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. This vulnerability is patched
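One way to keep a local upload preview from running embedded script, as an added example that is not code from Matrix-React-SDK or from this advisory: label the preview blob with its declared type only when that type is on an allowlist of formats that cannot carry script, and otherwise as a generic binary. The function names and the allowlist contents are assumptions made for the illustration.

```javascript
// Types that cannot carry script when opened as a document in their own tab.
// SVG, HTML and XML are deliberately absent: opened from a blob: URL as a
// top-level document, they run any script embedded in the file.
// (Assumed list for this example; adjust to what the application previews.)
const INERT_PREVIEW_TYPES = new Set([
  "image/jpeg", "image/png", "image/gif", "image/webp",
  "video/mp4", "video/webm",
  "audio/mpeg", "audio/ogg", "audio/wav",
]);

// Reduce a declared type to its bare, lower-cased "type/subtype" form so that
// parameters or letter case cannot be used to slip past the allowlist.
function normalizeMime(declared) {
  if (typeof declared !== "string") return "";
  return declared.split(";")[0].trim().toLowerCase();
}

// Type to put on the preview blob. Anything not known to be inert becomes
// application/octet-stream, which a browser offers to download, not render.
function previewMimeType(declared) {
  const mime = normalizeMime(declared);
  return INERT_PREVIEW_TYPES.has(mime) ? mime : "application/octet-stream";
}

// Build the object URL used for the preview. The bytes are re-wrapped in a new
// Blob so the browser sees the vetted type, not the one the file arrived with.
function createPreviewUrl(file) {
  const blob = new Blob([file], { type: previewMimeType(file.type) });
  return URL.createObjectURL(blob);
}
```
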