34 matches found
CVE-2026-63097
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...
CVE-2026-63095
Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...
CVE-2026-63095 Dendrite 0.13.8 Improper Authorization via POST account/3pid/delete Endpoint
Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...
EUVD-2022-6895
Malicious code in bioql PyPI...
EUVD-2022-6558
Malicious code in bioql PyPI...
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "eventsdefault" key of the m.room.powerlevels event, defaulting the event default...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
GO-2022-0989 Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite
Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite...
Dendrite signature checks not applied to some retrieved missing events
Impact Events retrieved from a remote homeserver using /getmissingevents did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through...
GHSA-PFW4-XJGM-267C Dendrite signature checks not applied to some retrieved missing events
Impact Events retrieved from a remote homeserver using /getmissingevents did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through...
Signature Verification Bypass
github.com/matrix-org/dendrite is vulnerable to signature verification bypass. A remote attacker is able to provide invalid or modified malicious events to spread via an endpoint because the events retrieved from a remote homeserver using the /getmissingevents path does not verify their signature...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
Design/Logic Flaw
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200
Dendrite (Matrix homeserver, Go) had a vulnerability where events fetched from a remote server via /get_missing_events were not verified for signatures. This could allow a remote homeserver to provide invalid/modified events to Dendrite through that endpoint. Other endpoints such as /event or /st...
CVE-2022-39200 Signature checks not applied to some retrieved missing events
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200 Signature checks not applied to some retrieved missing events
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200 Signature checks not applied to some retrieved missing events
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
PT-2022-24802 · Dendrite · Dendrite
Name of the Vulnerable Software and Affected Versions: Dendrite versions prior to 0.9.8 Description: The issue concerns events retrieved from a remote homeserver using the "/get missing events" path, where signatures were not verified correctly. This could allow a remote homeserver to provide...
Dendrite 数据伪造问题漏洞
Dendrite is a second-generation Matrix home server written in Go and open-sourced by the Matrix Foundation. Dendrite 0.9.7 and prior versions are vulnerable to a data forgery issue that stems from events retrieved from a remote master server using the "/getmissingevents" path without properly...