Lucene search
Veracode Vulnerability DatabaseVERACODE:29977HistoryApr 13, 2021 - 3:33 p.m.
Denial Of Service (DoS)
2021-04-1315:33:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.002 Low
EPSS
Percentile
57.3%
matrix-synapse is vulnerable to denial of service. The vulnerability exists due to missing input validation of some parameters on the endpoints used to confirm third-party identifiers.
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix-synapse:sid | eq | 1.23.0-1 | |
| matrix-synapse:sid | eq | 1.23.0-1 |
References
github.com/matrix-org/synapse/pull/9321
github.com/matrix-org/synapse/pull/9393
github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
lists.fedoraproject.org/archives/list/[email protected]/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/
pypi.org/project/matrix-synapse/
security-tracker.debian.org/tracker/CVE-2021-21394
Related
osv
osv
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
2021-04-13 15:12:51
CVE-2021-21394
2021-04-12 21:15:00
PYSEC-2021-27
2021-04-12 21:15:00
cvelist
cvelist
debiancve
debiancve
CVE-2021-21394
2021-04-12 21:15:14
redhatcve
redhatcve
CVE-2021-21394
2022-05-20 22:28:48
nvd
nvd
CVE-2021-21394
2021-04-12 21:15:14
ubuntucve
ubuntucve
CVE-2021-21394
2021-04-12 00:00:00
prion
prion
Input validation
2021-04-12 21:15:00
cve
cve
CVE-2021-21394
2021-04-12 21:15:14
github
github
fedora
fedora
[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34
2021-08-02 01:05:20
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)
2021-08-02 00:00:00