2 matches found
CVE-2022-39200
Dendrite (Matrix homeserver, Go) had a vulnerability where events fetched from a remote server via /get_missing_events were not verified for signatures. This could allow a remote homeserver to provide invalid/modified events to Dendrite through that endpoint. Other endpoints such as /event or /st...
CVE-2022-36009
CVE-2022-36009 affects gomatrixserverlib (Matrix federation library) and the Dendrite server. The root cause was incorrect parsing of the m.room.power_levels events_default field, which could cause events to be improperly authorized or rejected in rooms where events_default had been changed. A fi...