CVE-2019-18835

2019-11-0723:12:07

mitre

www.cve.org

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.9%

JSON

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

References

github.com/matrix-org/synapse/pull/6262

github.com/matrix-org/synapse/releases/tag/v1.5.0