EUVD-2022-6895
Malicious code in bioql PyPI...
EUVD-2022-6558
Malicious code in bioql PyPI...
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /get_missing_events path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
GO-2022-0989 Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite
Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite...
Dendrite signature checks not applied to some retrieved missing events
Impact Events retrieved from a remote homeserver using /get_missing_events did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through...
GHSA-PFW4-XJGM-267C Dendrite signature checks not applied to some retrieved missing events
Impact Events retrieved from a remote homeserver using /get_missing_events did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through...
Signature Verification Bypass
github.com/matrix-org/dendrite is vulnerable to signature verification bypass. A remote attacker is able to provide invalid or modified malicious events to spread via an endpoint because the signatures of events retrieved from a remote homeserver using the /get_missing_events path are not verified...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /get_missing_events path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
Design/Logic Flaw
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /get_missing_events path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200 Signature checks not applied to some retrieved missing events
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /get_missing_events path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200 Signature checks not applied to some retrieved missing events
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /get_missing_events path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200 Signature checks not applied to some retrieved missing events
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /get_missing_events path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200
Dendrite (Matrix homeserver, Go) had a vulnerability where events fetched from a remote server via /get_missing_events were not verified for signatures. This could allow a remote homeserver to provide invalid/modified events to Dendrite through that endpoint. Other endpoints such as /event or /st...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /get_missing_events path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
Dendrite data forgery vulnerability
Dendrite is a second-generation Matrix home server written in Go and open-sourced by the Matrix Foundation. Dendrite 0.9.7 and prior versions are vulnerable to a data forgery issue that stems from events retrieved from a remote master server using the "/get_missing_events" path without properly...
FreeBSD : dendrite -- Signature checks not applied to some retrieved missing events (4ebaa983-3299-11ed-95f8-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4ebaa983-3299-11ed-95f8-901b0e9408dc advisory. - Dendrite team reports: Events retrieved from a remote homeserver using /get_missing_events did not have...
PT-2022-24802 · Dendrite · Dendrite
Name of the Vulnerable Software and Affected Versions: Dendrite versions prior to 0.9.8 Description: The issue concerns events retrieved from a remote homeserver using the "/get_missing_events" path, where signatures were not verified correctly. This could allow a remote homeserver to provide...
gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Impact The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default power level to zero in all cases. In rooms where the "events_default" power level had been changed, this could result in events either...
GHSA-GRVV-H2F9-7V9C gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Impact The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default power level to zero in all cases. In rooms where the "events_default" power level had been changed, this could result in events either...