Medium severity 4.3 · OSV Advisory · Published Dec 3, 2024 · Updated Apr 15, 2026
CVE-2024-53867
Description
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| matrix-synapse (PyPI) | >= 1.113.0rc1, < 1.120.1 | 1.120.1 |
Affected products (3)
- ghsa-coords (2 versions): >= 1.113.0rc1, < 1.120.1 (+ 1 more)
- (no CPE) range: >= 1.113.0rc1, < 1.120.1
- (no CPE) range: < 1.120.2-1.1