Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Matrix Synapse Improper Signature Validation
Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Permalink: https://github.com/advisories/GHSA-fmvh-rvq5-hhjx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 7 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-fmvh-rvq5-hhjx, CVE-2018-16515
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16515
- https://github.com/matrix-org/synapse/issues/3796#event-1833126269
- https://lists.fedoraproject.org/archives/list/[email protected]/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P/
- https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
- https://github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9b
- https://github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2
- https://github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfc
- https://github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42b
- https://github.com/advisories/GHSA-fmvh-rvq5-hhjx
Blast Radius: 12.5
Affected Packages
pypi:matrix-synapse
Dependent packages: 3
Dependent repositories: 26
Downloads: 14,925 last month
Affected Version Ranges: < 0.33.2.1, >= 0.33.3, < 0.33.3.1
Fixed in: 0.33.2.1, 0.33.3.1
All affected versions: 0.33.5, 0.33.6, 0.33.7, 0.33.8, 0.33.9, 0.34.0, 0.99.0, 0.99.1, 0.99.2, 0.99.3, 0.99.4, 0.99.5, 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.8.0, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.13.0, 1.14.0, 1.15.0, 1.15.1, 1.15.2, 1.16.0, 1.16.1, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.20.0, 1.20.1, 1.21.0, 1.21.1, 1.21.2, 1.22.0, 1.22.1, 1.23.0, 1.23.1, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0, 1.30.1, 1.31.0, 1.32.0, 1.32.1, 1.32.2, 1.33.0, 1.33.1, 1.33.2, 1.34.0, 1.35.0, 1.35.1, 1.36.0, 1.37.0, 1.37.1, 1.38.0, 1.38.1, 1.39.0, 1.40.0, 1.41.0, 1.41.1, 1.42.0, 1.43.0, 1.44.0, 1.45.0, 1.45.1, 1.46.0, 1.47.0, 1.47.1, 1.48.0, 1.49.0, 1.49.2, 1.50.0, 1.50.1, 1.50.2, 1.51.0, 1.52.0, 1.53.0, 1.54.0, 1.55.0, 1.55.1, 1.55.2, 1.56.0, 1.57.0, 1.57.1, 1.58.0, 1.58.1, 1.59.0, 1.59.1, 1.60.0, 1.61.0, 1.61.1, 1.62.0, 1.63.0, 1.63.1, 1.64.0, 1.65.0, 1.66.0, 1.67.0, 1.68.0, 1.69.0, 1.70.0, 1.70.1, 1.71.0, 1.72.0, 1.73.0, 1.74.0, 1.75.0, 1.76.0, 1.77.0, 1.78.0, 1.79.0, 1.80.0, 1.81.0, 1.82.0, 1.83.0, 1.84.0, 1.84.1, 1.85.0, 1.85.1, 1.85.2, 1.86.0, 1.87.0, 1.88.0, 1.89.0, 1.90.0, 1.91.0, 1.91.1, 1.91.2, 1.92.1, 1.92.2, 1.92.3, 1.93.0, 1.94.0, 1.95.0, 1.95.1, 1.96.1, 1.97.0, 1.98.0, 1.99.0, 1.100.0, 1.101.0, 1.102.0, 1.103.0, 1.104.0, 1.105.0, 1.105.1
All unaffected versions: