|Type||Denial of service|
A security issue was found in matrix-synapse before version 1.23.1. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invite or /exchange_third_party_invite request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers.
Workaround ========== This issue can be mitigated by limiting access to the federation API to trusted servers (for example by using federation_domain_whitelist).