Lucene search
Veracode Vulnerability DatabaseVERACODE:29518HistoryFeb 28, 2021 - 1:21 a.m.
Denial Of Service (DoS)
2021-02-2801:21:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.002 Low
EPSS
Percentile
54.8%
matrix-synapse is vulnerable to denial of service (DoS). The vulnerability exists as a malicious homeserver could redirect requests to their .well-known file to a large file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix-synapse:sid | eq | 1.23.0-1 | |
| matrix-synapse:bullseye | eq | 1.23.0-1 | |
| matrix-synapse:sid | eq | 1.23.0-1 | |
| matrix-synapse:bullseye | eq | 1.23.0-1 |
References
github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
github.com/matrix-org/synapse/pull/8950
github.com/matrix-org/synapse/releases/tag/v1.25.0
github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
lists.fedoraproject.org/archives/list/[email protected]/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/
security-tracker.debian.org/tracker/CVE-2021-21274
Related
veracode
veracode
Denial Of Service (DoS)
2021-03-01 07:37:05
osv
osv
PYSEC-2021-132
2021-02-26 18:15:00
Denial of service attack via .well-known lookups
2021-03-01 19:34:54
CVE-2021-21274
2021-02-26 18:15:12
prion
prion
Code injection
2021-02-26 18:15:00
github
github
Denial of service attack via .well-known lookups
2021-03-01 19:34:54
debiancve
debiancve
CVE-2021-21274
2021-02-26 18:15:12
cvelist
cvelist
CVE-2021-21274 Denial of service attack via .well-known lookups
2021-02-26 17:25:16
cve
cve
CVE-2021-21274
2021-02-26 18:15:12
nvd
nvd
CVE-2021-21274
2021-02-26 18:15:12
ubuntucve
ubuntucve
CVE-2021-21274
2021-02-26 00:00:00
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)
2021-08-02 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34
2021-08-02 01:05:20