AVG-1296 log

Package matrix-synapse
Status Fixed
Severity High
Type denial of service
Affected 1.19.1-1
Fixed 1.20.1-1
Current 1.118.0-1 [extra-testing]
1.117.0-1 [extra]
Ticket None
Created Mon Nov 23 18:47:20 2020
Issue Severity Remote Type Description
CVE-2020-26890 High Yes Denial of service
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote...
Date Advisory Package Type
26 Nov 2020 ASA-202011-23 matrix-synapse denial of service