VYPR

Synapse

by Matrix Org

Source repositories

CVEs (25)

  • CVE-2021-21332Mar 26, 2021
    risk 0.00cvss epss 0.01

    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting…

  • CVE-2021-21273Feb 26, 2021
    risk 0.00cvss epss 0.02

    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when…

  • CVE-2021-21274Feb 26, 2021
    risk 0.00cvss epss 0.02

    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large…

  • CVE-2020-26257Dec 9, 2020
    risk 0.00cvss epss 0.02

    Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a…

  • CVE-2019-5885Mar 19, 2019
    risk 0.00cvss epss 0.02

    Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.

Page 2 of 2