Lucene search

K
osvGoogleOSV:GHSA-CPPW-2MF8-QPM5
HistoryMay 24, 2022 - 10:01 p.m.

Improper Verification of Cryptographic Signature in matrix-synapse

2022-05-2422:01:05
Google
osv.dev
7

0.002 Low

EPSS

Percentile

61.9%

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

0.002 Low

EPSS

Percentile

61.9%