matrix-synapse is vulnerable to path traversal. When a media repository is enabled, an attacker can download files from a remote server into an arbitrary directory, potentially outside of the configured directory.
github.com/matrix-org/synapse/commit/91f2bd090
github.com/matrix-org/synapse/releases/tag/v1.47.1
github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
lists.fedoraproject.org/archives/list/[email protected]/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS/
lists.fedoraproject.org/archives/list/[email protected]/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2/