VYPR

Go modules package

github.com/matrix-org/dendrite

pkg:golang/github.com/matrix-org/dendrite

Vulnerabilities (2)

  • CVE-2022-39200Sep 12, 2022
    affected < 0.9.8fixed 0.9.8

    Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events

  • CVE-2022-36009Aug 19, 2022
    affected < 0.9.3fixed 0.9.3

    gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, default