Matrix Sydent 输入验证错误漏洞

Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix Foundation in the UK. Matrix Sydent suffers from an input validation error vulnerability that stems from the fact that the lack of input validation for certain parameters may lead to overuse of disk space a...

Matrix Sydent 代码问题漏洞

Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix.org Foundation in the UK. Sydent suffers from a security vulnerability that stems from a lack of parameter validation or IP address blacklisting, which could cause Sydent to send HTTP GET requests to intern...

Matrix Sydent 输入验证错误漏洞

Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix.org Foundation in the UK. Sydent suffers from a security vulnerability that can be exploited by an attacker to send arbitrary e-mail from a Sydent e-mail address...

Matrix Sydent 资源管理错误漏洞

Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix.org Foundation in the UK. Sydent suffers from a resource management error vulnerability that results in memory exhaustion and denial of service...

Open Redirect

matrix-synapse is vulnerable to open redirect. The requests to the user provided domains are allowed to external IP addresses while using transitional IPv6 addresses, affecting outbound requests to federation, identity servers, when calculating the key validity for third-party invite events,...

Denial Of Service (DoS)

matrix-synapse is vulnerable to denial of service. Lack of input validation of some parameters on the endpoints used to confirm third-party identifiers could allows an attacker to cause excessive use of disk space and memory leading to resource exhaustion...

Denial Of Service (DoS)

matrix-synapse is vulnerable to denial of service. The vulnerability exists due to missing input validation of some parameters on the endpoints used to confirm third-party identifiers...

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21392 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21392 Source advisory: OSV:GHSA-5WRH-4JWV-5W78...

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21394 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21394 Source advisory: OSV:GHSA-W9FG-XFFH-P362...

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21393 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21393 Source advisory: OSV:GHSA-JRH7-MHHX-6H88...

GHSA-JRH7-MHHX-6H88 Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints

Impact Missing input validation of some parameters on the groups also known as communities endpoints could cause excessive use of disk space and memory leading to resource exhaustion. Additionally clients may have issues rendering large fields. Patches This issue is fixed by 9321 and 9393...

CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

CVE-2021-21393

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

DEBIAN-CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

CVE-2021-21393

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21393 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21393 Source advisory: OSV:PYSEC-2021-26...

CVE-2021-21393

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

Input validation

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

Design/Logic Flaw

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...