17 matches found
EUVD-2025-0090
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request...
Denial-of-Service (DoS)
Synapse is vulnerable to a Denial-Of-Service. The vulnerability is due to improper handling of maliciously crafted federation events, where a malicious Matrix server can send crafted events that prevent Synapse from federating with other servers...
CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...
PT-2025-2932 · Unknown +1 · Gomatrixserverlib +1
Name of the Vulnerable Software and Affected Versions: Gomatrixserverlib affected versions not specified Description: Gomatrixserverlib is a Go library for matrix federation. It is vulnerable to server-side request forgery, serving content from a private network it can access, under certain...
Fedora 37 : matrix-synapse (2023-eb65439ec0)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-eb65439ec0 advisory. Security fix for CVE-2022-39335 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SUSE CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
DEBIAN-CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
PYSEC-2023-65
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
UBUNTU-CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
CVE-2022-39335 Synapse does not apply enough checks to servers requesting auth events of events in a room
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
PT-2023-13719 · Synapse +2 · Synapse +2
Name of the Vulnerable Software and Affected Versions: Synapse versions up to and including 1.68.0 Description: The Matrix Federation API in Synapse allows remote homeservers to request authorization events in a room, which is necessary for validating the legitimacy and permission of events...
SUSE CVE-2020-26890
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...
UBUNTU-CVE-2021-21274
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...