High severity8.8NVD Advisory· Published Sep 18, 2018· Updated Jun 17, 2026
CVE-2018-16515
CVE-2018-16515
Description
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
matrix-synapsePyPI | >= 0.33.3, < 0.33.3.1 | 0.33.3.1 |
matrix-synapsePyPI | < 0.33.2.1 | 0.33.2.1 |
Affected products
1Patches
Vulnerability mechanics
References
11- github.com/matrix-org/synapse/issues/3796nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-fmvh-rvq5-hhjxghsaADVISORY
- matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/nvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2018-16515ghsaADVISORY
- github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9bghsaWEB
- github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2ghsaWEB
- github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfcghsaWEB
- github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42bghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3PghsaWEB
- matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P/nvd
News mentions
0No linked articles in our index yet.