Synapse Security Vulnerabilities and Issues — Synapse CVE List

Lucene search

Element-hqSynapse

3 matches found

CVE•added 2024/12/03 5:15 p.m.•60 views

CVE-2024-53863

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for p...

8.2CVSS6.4AI score0.00074EPSS

CVE•added 2024/12/03 5:15 p.m.•55 views

CVE-2024-52805

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 res...

8.2CVSS6.5AI score0.00123EPSS

CVE•added 2024/12/03 5:15 p.m.•45 views

CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such...

8.7CVSS6.4AI score0.00064EPSS