Lucene search
Veracode Vulnerability DatabaseVERACODE:29978HistoryApr 13, 2021 - 3:33 p.m.
Denial Of Service (DoS)
2021-04-1315:33:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
57.3%
matrix-synapse is vulnerable to denial of service. Lack of input validation of some parameters on the endpoints used to confirm third-party identifiers could allows an attacker to cause excessive use of disk space and memory leading to resource exhaustion.
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix-synapse:sid | eq | 1.23.0-1 | |
| matrix-synapse | le | 1.27.0 | |
| matrix-synapse:sid | eq | 1.23.0-1 | |
| matrix-synapse | le | 1.27.0 |
References
github.com/advisories/GHSA-jrh7-mhhx-6h88
github.com/matrix-org/synapse/issues/9323
github.com/matrix-org/synapse/pull/9321
github.com/matrix-org/synapse/pull/9321
github.com/matrix-org/synapse/pull/9393
github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
lists.fedoraproject.org/archives/list/[email protected]/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/
pypi.org/project/matrix-synapse/
security-tracker.debian.org/tracker/CVE-2021-21393
Related
osv
osv
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
2021-04-13 15:12:40
PYSEC-2021-26
2021-04-12 22:15:00
CVE-2021-21393
2021-04-12 22:15:00
prion
prion
Input validation
2021-04-12 22:15:00
nvd
nvd
CVE-2021-21393
2021-04-12 22:15:13
debiancve
debiancve
CVE-2021-21393
2021-04-12 22:15:13
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2021-21393
2021-04-12 00:00:00
github
github
cve
cve
CVE-2021-21393
2021-04-12 22:15:13
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)
2021-08-02 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34
2021-08-02 01:05:20