Medium severity 4.3 · OSV Advisory · Published Jan 16, 2025 · Updated Apr 15, 2026
CVE-2024-52594
Description
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/matrix-org/gomatrixserverlib (Go) | < 0.0.0-20250116181547-c4f1e01eab0d | 0.0.0-20250116181547-c4f1e01eab0d |
Affected products
- ghsa-coords (4 versions), range: < 0.0.0-20250116181547-c4f1e01eab0d + 3 more
  - pkg:golang/github.com/matrix-org/gomatrixserverlib
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE) range: < 0.0.0-20250116181547-c4f1e01eab0d
- (no CPE) range: < 0.0.20250128T150132-150000.1.29.1
- (no CPE) range: < 0.0.20250117T214834-1.1
- (no CPE) range: < 0.0.20250128T150132-150000.1.29.1
References
- github.com/advisories/GHSA-4ff6-858j-r822 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-52594 (ghsa, ADVISORY)
- github.com/matrix-org/gomatrixserverlib/commit/c4f1e01eab0dd435709ad15463ed38a079ad6128 (nvd, WEB)
- github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822 (nvd, WEB)
- pkg.go.dev/vuln/GO-2025-3396 (ghsa, WEB)