CVE-2021-41281 |
AVG-2581 |
Medium |
Yes |
Directory traversal |
Synapse instances before version 1.47.1 with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary... |
CVE-2021-39164 |
AVG-2334 |
Medium |
Yes |
Information disclosure |
In matrix-synapse versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know... |
CVE-2021-39163 |
AVG-2334 |
Medium |
Yes |
Information disclosure |
In matrix-synapse versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of... |
CVE-2021-29471 |
AVG-1943 |
Medium |
Yes |
Denial of service |
In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content... |
CVE-2020-26891 |
AVG-1252 |
High |
Yes |
Cross-site scripting |
A security issue has been found in matrix-synapse before 1.21.0, where HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. |
CVE-2020-26890 |
AVG-1296 |
High |
Yes |
Denial of service |
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote... |
CVE-2020-26257 |
AVG-1341 |
Medium |
Yes |
Denial of service |
A security issue was found in matrix-synapse before version 1.23.1. A malicious or poorly-implemented homeserver can inject malformed events into a room by... |
CVE-2019-5885 |
AVG-846 |
High |
No |
Private key recovery |
matrix-synapse before 0.34.1 is vulnerable to private key recovery as synapse will attempt to derive a secret key from other secrets specified in the... |