CVE-2021-32622

File upload local preview can run embedded scripts after user interaction

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. This vulnerability is patched in version 3.21.0.

Matrix-React-SDK es un SDK basado en react para insertar un cliente de chat/voip de Matrix en una página web. Anterior a versión 3.21.0, al cargar un archivo, la vista previa del archivo local puede conllevar a una ejecución de scripts insertados en el archivo cargado. Esto solo puede ocurrir después de varias interacciones del usuario para abrir la vista previa en una pestaña separada. Esto solo afecta al usuario local durante el proceso de carga. No puede ser explotado remotamente o por otros usuarios. Esta vulnerabilidad está parcheada en la versión 3.21.0

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-05-12 CVE Reserved
2021-05-17 CVE Published
2024-01-31 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-434: Unrestricted Upload of File with Dangerous Type

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/matrix-org/matrix-react-sdk/pull/5981	2021-05-25
https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-8796-gc9j-63rv	2021-05-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Matrix-react-sdk Project Search vendor "Matrix-react-sdk Project"		Matrix-react-sdk Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk"				< 3.21.0 Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk" and version " < 3.21.0"		node.js		Affected