
Mr-Zheev

#18785 of 53,635
14.3 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2021-19814
7.8
2021-05-17
Unknown · Matrix-React-Sdk · CVE-2021-32622
**Name of the Vulnerable Software and Affected Versions** Matrix-React-SDK versions prior to 3.21.0

**Description** The issue arises when uploading a file, as the local file preview can lead to the execution of scripts embedded in the uploaded file. This occurs after several user interactions to open the preview in a separate tab. The impact is limited to the local user during the upload process and cannot be exploited remotely or by other users.

**Recommendations** For versions prior to 3.21.0, update to version 3.21.0 to resolve the issue.
PT-2021-18226
6.5
2021-04-19
Unknown · Matrix Media Repo · CVE-2021-29453
Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions 1.2.6 and earlier

Description: The issue arises from improper handling of malicious images that are small in file size but large in complexity. A malicious user can upload a small image using specific formats that expands to extremely large dimensions during thumbnailing, causing the server to exhaust its memory and leading to denial of service.

Recommendations: For versions 1.2.6 and earlier, update to version 1.2.7 to resolve the issue.