3662 matches found
CVE-2021-21274
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21273 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21273 Source advisory: OSV:PYSEC-2021-131...
Code injection
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...
CVE-2021-21273
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
PYSEC-2021-131
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
Cross site request forgery (csrf)
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +5 more potentially affected by CVE-2021-21274 via matrix-synapse (=1.153.0)
matrix-synapse PYPI version =1.153.0 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - matrix-server-isenguard =0.1.1, =0.1.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21274 Source advisory:...
PYSEC-2021-131
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
UBUNTU-CVE-2021-21274
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...
PYSEC-2021-132
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21273 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21273 Source advisory: OSV:GHSA-V936-J8GP-9Q3P...
CVE-2021-21273
Synapse (matrix-synapse, Python/pypi) contains a vulnerability in versions before 1.25.0 where requests to user-provided domains were not restricted to external IPs when computing the key validity for third-party invite events and push notifications. This could allow requests to internal infrastr...
CVE-2021-21273
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
CVE-2021-21274
CVE-2021-21274 affects Synapse (matrix-synapse) prior to version 1.25.0. A malicious homeserver could abuse .well-known redirection to a large file, causing denial of service by consuming significant resources on federated requests from untrusted servers. The issue is resolved in Synapse 1.25.0. ...
CVE-2021-21274
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...
Matrix Synapse 资源管理错误漏洞
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A denial of service vulnerability exists in Synapse versions prior to 1.25.0, which stems from a malicious homeserver that redirects requests to a large file, which could lead to a denial of service...
Matrix Synapse Input Validation Error Vulnerability
Matrix Synapse is an implementation of a matrix management server from the Matrix Foundation in the UK. A security vulnerability exists in Synapse that stems from a request to a user-provided domain being unrestricted by an external IP address when calculating key validity for third-party...
CVE-2021-25906
An issue was discovered in the basicdspmatrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability existed in Rust prior to version 0.9.2. The vulnerability stems from an issue found in the program basicdspmatrix, which can perform two delete operations. No details of the vulnerabilit...
CVE-2021-21269
CVE-2021-21269 affects Keymaker (a Mastodon Community Finder based Matrix serverlist page). Before v0.2.0, the assets endpoint did not validate the requested extension, and the Rust join call on user input allowed a Path Traversal, enabling reading of files beyond the intended directory. This cou...