This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Security: matrix-org/synapse
Security Navigation
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Denial of service due to malicious server ACL eventsGHSA-5chr-wjw5-3gq4 published
Oct 10, 2023 by reivilibreModerate -
Improper validation of receipts allows forged read receiptsGHSA-7565-cq32-vx2x published
Sep 26, 2023 by erikjohnstonLow -
Leak of remote user device informationGHSA-mp92-3jfm-3575 published
Oct 31, 2023 by erikjohnstonModerate -
Temporary storage of plaintext passwords during password changesGHSA-4f74-84v3-j9q5 published
Sep 26, 2023 by erikjohnstonLow -
Improper checks for deactivated users during loginGHSA-26c5-ppr8-f33p published
Jun 6, 2023 by erikjohnstonLow -
URL deny list bypass via oEmbed and image URLs when generating previewsGHSA-98px-6486-j7qc published
Jun 6, 2023 by erikjohnstonLow -
Outgoing federation to specific hosts can be disabled by sending malicious invitesGHSA-f3wc-3vxv-xmvr published
May 24, 2023 by dkasakModerate -
Denial of service due to incorrect application of event authorization rules during state resolutionGHSA-p9qp-c452-f9r7 published
May 24, 2023 by dkasakModerate -
Synapse does not apply enough checks to servers requesting auth events of events in a roomGHSA-45cj-f97f-ggwv published
May 24, 2023 by dkasakModerate -
Denial of service due to incorrect application of event authorization rulesGHSA-jhjh-776m-4765 published
Aug 31, 2022 by richvdhModerate