2 matches found
CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
GHSA-98PX-6486-J7QC Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Impact A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the urlpreviewiprangeblacklist setting by default this only allows public IPs and by t...