5 matches found
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37303 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37303 Source advisory: OSV:PYSEC-2024-287...
CVE-2024-37303 Synapse unauthenticated writes to the media repository allow planting of problematic content
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
CVE-2024-37303 Synapse unauthenticated writes to the media repository allow planting of problematic content
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
CVE-2024-37303 Synapse unauthenticated writes to the media repository allow planting of problematic content
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
CVE-2024-37303
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...