7 matches found
CVE-2019-11340
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...
GHSA-Q9H8-GPW5-C95C Matrix Sydent mishandles emails
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...
Matrix Sydent mishandles emails
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...
CVE-2019-11340
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...
CVE-2019-11340
CVE-2019-11340 stems from Matrix Sydent’s pre-1.0.2 email-domain registration checks, where Python’s email parsing edge-case allows an address like [email protected]@good.example.com to bypass restrictions because email.utils.parseaddr can return the wrong substring. The issue is tied to the e...
PT-2019-12248
Name of the Vulnerable Software and Affected Versions Matrix Sydent versions prior to 1.0.2 Description The issue arises from the handling of registration restrictions based on e-mail domain in util/emailutils.py. Specifically, when the allowed local 3pids option is enabled, it can lead to...
CVE-2012-1623
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions...