AVG-1252 log

Package matrix-synapse
Status Fixed
Severity High
Type cross-site scripting
Affected 1.20.1-1
Fixed 1.21.0-1
Current 1.120.0-1 [extra-testing]
1.119.0-1 [extra]
Ticket None
Created Thu Oct 15 15:20:30 2020
Issue Severity Remote Type Description
CVE-2020-26891 High Yes Cross-site scripting
A security issue has been found in matrix-synapse before 1.21.0, where HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks.
Date Advisory Package Type
03 Nov 2020 ASA-202011-4 matrix-synapse cross-site scripting
References
https://github.com/matrix-org/synapse/releases/tag/v1.21.2