VYPR
Medium severity4.3OSV Advisory· Published Jan 16, 2025· Updated Apr 15, 2026

CVE-2024-52594

CVE-2024-52594

Description

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/matrix-org/gomatrixserverlibGo
< 0.0.0-20250116181547-c4f1e01eab0d0.0.0-20250116181547-c4f1e01eab0d

Affected products

5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.