2 matches found
Insecure Inherited Permissions
Overview Affected versions of this package are vulnerable to Insecure Inherited Permissions in the LookupResources API. An attacker can cause incomplete or missing results to be returned by crafting schemas that define permissions using unions referencing the same relation with different...
SUSE CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...