matrix-synapse is vulnerable to denial of service (DoS). The vulnerability exists as a malicious homeserver could redirect requests to their .well-known file to a large file.
CPE | Name | Operator | Version |
---|---|---|---|
matrix-synapse:sid | eq | 1.23.0-1 | |
matrix-synapse:bullseye | eq | 1.23.0-1 | |
matrix-synapse:sid | eq | 1.23.0-1 | |
matrix-synapse:bullseye | eq | 1.23.0-1 |
github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
github.com/matrix-org/synapse/pull/8950
github.com/matrix-org/synapse/releases/tag/v1.25.0
github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
lists.fedoraproject.org/archives/list/[email protected]/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/
security-tracker.debian.org/tracker/CVE-2021-21274