Low severity2.6NVD Advisory· Published Mar 2, 2021· Updated Jun 17, 2026
CVE-2021-21320
CVE-2021-21320
Description
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
matrix-react-sdknpm | < 3.15.0 | 3.15.0 |
Affected products
2- Range: < 3.15.0
Patches
Vulnerability mechanics
References
6- github.com/matrix-org/matrix-react-sdk/commit/b386f0c73b95ecbb6ea7f8f79c6ff5171a8dedd1nvdPatchThird Party AdvisoryWEB
- github.com/matrix-org/matrix-react-sdk/pull/5657nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-52mq-6jcv-j79xghsaADVISORY
- github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-52mq-6jcv-j79xnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-21320ghsaADVISORY
- www.npmjs.com/package/matrix-react-sdknvdProductThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.