Go modules package
github.com/matrix-org/dendrite
pkg:golang/github.com/matrix-org/dendrite
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-39200 | — | < 0.9.8 | 0.9.8 | Sep 12, 2022 | Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events | ||
| CVE-2022-36009 | — | < 0.9.3 | 0.9.3 | Aug 19, 2022 | gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, default |
- CVE-2022-39200Sep 12, 2022affected < 0.9.8fixed 0.9.8
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events
- CVE-2022-36009Aug 19, 2022affected < 0.9.3fixed 0.9.3
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, default