
Joshqou

#52269 of 53,639
4.1 total CVSS
Vulnerabilities · 1
PT-2023-27903
4.1
2023-09-08
Unknown · Matrix Media Repo · CVE-2023-41318
**Name of the Vulnerable Software and Affected Versions**

matrix-media-repo versions prior to 1.3.0

**Description**

The issue allows an attacker to upload malicious media to the media repository, which is then served with `Content-Disposition: inline` upon download. Because the browser renders inline content on the media repository's origin, this can be leveraged to execute scripts embedded in SVG content in the context of that origin. The vulnerability can be exploited through the `/_matrix/media/(r0|v3)/download` endpoint. Server operators that do not share a domain between matrix-media-repo and other services are not affected.

**Recommendations**

For versions prior to 1.3.0, upgrade to v1.3.0 as soon as possible. As a temporary workaround for operators unable to upgrade, override the `Content-Disposition` header returned by matrix-media-repo so that it always uses `attachment`.
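The contrast the advisory draws, served inline versus forced to attachment, shown as an added example written for this page in Go (the language matrix-media-repo is implemented in). It is not code from matrix-media-repo: `storedMedia`, `serveMedia`, `dispositionFor`, `forceAttachmentMiddleware` and the download-path check are assumptions made for the illustration, and the SVG payload and file name are constructed sample input. `observedDisposition` runs one request through a pre-1.3.0-style handler, through a handler that applies the fix, and through the old handler behind a header-rewriting middleware that mirrors the operator workaround.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample upload: an SVG carrying an inline script. Rendered inline on the
// media repository's origin, the script runs with that origin's privileges.
const maliciousSVG = `<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.domain)</script></svg>`

// storedMedia is an assumed stand-in for a media repository record, not MMR's own type.
type storedMedia struct {
	ContentType string
	FileName    string
	Body        []byte
}

// dispositionFor builds the Content-Disposition value for a download.
// forceAttachment=false mirrors the pre-1.3.0 behaviour (everything inline);
// forceAttachment=true is the fixed behaviour and the workaround (everything as attachment).
// The file name is quoted and stripped of quote, backslash and CR/LF so an attacker-chosen
// upload name cannot break out of the parameter or the header line.
func dispositionFor(fileName string, forceAttachment bool) string {
	kind := "inline"
	if forceAttachment {
		kind = "attachment"
	}
	if fileName == "" {
		return kind
	}
	safe := strings.NewReplacer(`"`, "", `\`, "", "\r", "", "\n", "").Replace(fileName)
	return fmt.Sprintf(`%s; filename="%s"`, kind, safe)
}

// serveMedia writes a response the way a /_matrix/media/v3/download handler would.
func serveMedia(w http.ResponseWriter, m storedMedia, forceAttachment bool) {
	w.Header().Set("Content-Type", m.ContentType)
	w.Header().Set("Content-Disposition", dispositionFor(m.FileName, forceAttachment))
	w.Header().Set("X-Content-Type-Options", "nosniff") // stop the browser re-guessing the type
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write(m.Body)
}

// attachmentWriter rewrites Content-Disposition to "attachment" at the moment the
// headers are committed, keeping any filename the wrapped handler chose.
type attachmentWriter struct {
	http.ResponseWriter
	fixed bool
}

func (a *attachmentWriter) fix() {
	if a.fixed {
		return
	}
	a.fixed = true
	h := a.Header()
	name := ""
	if _, params, err := mime.ParseMediaType(h.Get("Content-Disposition")); err == nil {
		name = params["filename"]
	}
	h.Set("Content-Disposition", dispositionFor(name, true))
}

func (a *attachmentWriter) WriteHeader(code int) { a.fix(); a.ResponseWriter.WriteHeader(code) }
func (a *attachmentWriter) Write(b []byte) (int, error) { a.fix(); return a.ResponseWriter.Write(b) }

// forceAttachmentMiddleware is the operator workaround expressed in Go: whatever the
// wrapped handler set, clients of the download endpoints receive "attachment".
// The path test is an assumption about routing; adjust it to the deployment's prefix.
func forceAttachmentMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.HasPrefix(r.URL.Path, "/_matrix/media/") && strings.Contains(r.URL.Path, "/download/") {
			w = &attachmentWriter{ResponseWriter: w}
		}
		next.ServeHTTP(w, r)
	})
}

// observedDisposition sends one download request through the chosen stack and returns
// the Content-Disposition type the client would see ("inline" or "attachment").
func observedDisposition(handlerForcesAttachment, withWorkaround bool) string {
	m := storedMedia{ContentType: "image/svg+xml", FileName: "evil.svg", Body: []byte(maliciousSVG)}
	var h http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		serveMedia(w, m, handlerForcesAttachment)
	})
	if withWorkaround {
		h = forceAttachmentMiddleware(h)
	}
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/_matrix/media/v3/download/example.org/abc123", nil)
	h.ServeHTTP(rec, req)
	kind, _, _ := mime.ParseMediaType(rec.Result().Header.Get("Content-Disposition"))
	return kind
}

func main() {
	fmt.Println("pre-1.3.0 handler:       ", observedDisposition(false, false))
	fmt.Println("upgraded handler:        ", observedDisposition(true, false))
	fmt.Println("old handler + workaround:", observedDisposition(false, true))
}
```

In a real deployment the workaround is usually applied at the reverse proxy in front of matrix-media-repo rather than in Go, but the property to verify is the same: fetch a freshly uploaded SVG from the download endpoint and confirm the response carries `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. The exposure only matters when the repository shares an origin with something that holds session state, which is why the advisory scopes the impact to operators who share a domain.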