CVE-2022-39200
Dendrite (Matrix homeserver, Go) had a vulnerability where events fetched from a remote server via /get_missing_events were not verified for signatures. This could allow a remote homeserver to provide invalid/modified events to Dendrite through that endpoint. Other endpoints such as /event or /st...