4 matches found

Github Security Blog
added 2021/04/13 3:13 p.m. | 27 views

Open redirect via transitional IPv6 addresses on dual-stack networks

Impact: Requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL...

6.3 CVSS | 2.1 AI score | 0.002 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
UbuntuCve
added 2021/04/12 10:15 p.m. | 21 views

CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3 CVSS | 6.6 AI score | 0.002 EPSS
Exploits: 0 | References: 4
Veracode
added 2021/02/28 1:22 a.m. | 24 views

Insecure Access Controls

matrix-synapse is vulnerable to authorization bypass. Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications, potentially resulting in Synapse to make requests to the internal...

6.1 CVSS | 2.8 AI score | 0.00322 EPSS
Exploits: 0 | References: 8 | Affected Software: 2
Drupal
added 2017/11/29 12:0 a.m. | 12 views

Domain Integration (Drupal 7) - Moderately critical - Access bypass - SA-CONTRIB-2017-084

This module enables you to integrate the Domain module with other popular Drupal modules. The Domain Integration Login Restrict sub-module enables you to restrict access to a domain based on the assigned domains on a user. The Domain Integration Login Restrict sub-module doesn't sufficiently chec...

6.8 AI score
Exploits: 0 | References: 7