Fedify 安全漏洞

Fedify is a TypeScript library by the individual developer Hong Minhee. It is used to build federated server applications supported by ActivityPub and other standards. A security vulnerability exists in Fedify that originates from a denial of service that allows a user to manipulate the Webfinger...

Denial of service attack via incorrect parameters in Matrix Synapse

Impact A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invite or /exchangethirdpartyinvite request. This can lead to a denial of service in which future events will not be correctly sen...

py-matrix-synapse -- multiple vulnerabilities

Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of t...

Nextcloud: Contacts menu (not app) fails to restrict (to local groups) for contacts from federated servers

In two Nextclouds A and B, in settings/admin/sharing, these settings are enabled: Restrict users to only share with users in their groups Restrict username autocompletion to users within the same groups Add server automatically once a federated share was created successfully Some user on A now...