2 matches found
CVE-2021-21273
Synapse (matrix-synapse, Python/pypi) contains a vulnerability in versions before 1.25.0 where requests to user-provided domains were not restricted to external IPs when computing the key validity for third-party invite events and push notifications. This could allow requests to internal infrastr...
CVE-2021-21273 Open redirects on some federation and push requests
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...