Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Sydent DoS (via resource exhaustion) due to improper input validation

Impact

Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion.

Patches

Fixed by 3175fd3.

For more information

If you have any questions or comments about this advisory, email us at [email protected].

Permalink: https://github.com/advisories/GHSA-pw4v-gr34-2553
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3NHYtZ3IzNC0yNTUz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: over 1 year ago


CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Identifiers: GHSA-pw4v-gr34-2553, CVE-2021-29433
References: Repository: https://github.com/matrix-org/sydent
Blast Radius: 0.0

Affected Packages

pypi:matrix-sydent
Dependent packages: 0
Dependent repositories: 1
Downloads: 129 last month
Affected Version Ranges: < 2.3.0
Fixed in: 2.3.0
All affected versions: 2.0.0, 2.0.1, 2.1.0, 2.2.0
All unaffected versions: 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6.0, 2.6.1