3 matches found
GHSA-6JCC-XGCR-Q3H4 @fedify/fedify has Improper Authentication and Incorrect Authorization
Summary An authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor...
PT-2025-32420
Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.3.20 Fedify versions 1.4.0-dev.585 through 1.4.12 Fedify versions 1.5.0-dev.636 through 1.5.4 Fedify versions 1.6.0-dev.754 through 1.6.7 Fedify versions 1.7.0-pr.251.885 through 1.7.8 Fedify versions 1.8.0-dev.909...
Matrix Synapse Event Filtering Vulnerability
Matrix is a set of open communication networks of which Synapse is a server implementation. A security vulnerability exists in the 'ongetmissingevents' function in the handlers/federation.py file in Matrix Synapse versions prior to 0.31.1. No details of the vulnerability are provided at this time...