Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Synapse
(Matrix)| Repositories | https://github.com/matrix-org/synapse |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-14 | CVE-2018-12423 | In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | Synapse | 7.5 | ||
| 2018-06-13 | CVE-2018-12291 | The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. | Synapse | 7.5 | ||
| 2018-05-02 | CVE-2018-10657 | Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. | Synapse | 7.5 |