Vulnerabilities > Matrix > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-08-19 | CVE-2022-36009 | Incorrect Authorization vulnerability in Matrix Dendrite and Gomatrixserverlib | gomatrixserverlib is a Go library for Matrix protocol federation. | 8.8 |
2022-05-05 | CVE-2022-29166 | Injection vulnerability in Matrix IRC Bridge | matrix-appservice-irc is a Node.js IRC bridge for Matrix. | 8.8 |
2021-11-23 | CVE-2021-41281 | Path Traversal vulnerability in multiple products | Synapse is a package for Matrix homeservers written in Python 3/Twisted. | 7.5 |
2021-04-15 | CVE-2021-29430 | Allocation of Resources Without Limits or Throttling vulnerability in Matrix Sydent | Sydent is a reference Matrix identity server. | 7.5 |
2021-03-26 | CVE-2021-21332 | Cross-site Scripting vulnerability in multiple products | Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). | 8.2 |
2020-11-24 | CVE-2020-26890 | Improper Input Validation vulnerability in multiple products | Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. | 7.5 |
2019-05-09 | CVE-2019-11842 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Matrix Sydent and Synapse | An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. | 7.5 |
2019-03-21 | CVE-2019-5885 | Use of Insufficiently Random Values vulnerability in multiple products | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 7.5 |
2018-09-18 | CVE-2018-16515 | Improper Verification of Cryptographic Signature vulnerability in multiple products | Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | 8.8 |
2018-06-14 | CVE-2018-12423 | Unspecified vulnerability in Matrix Synapse | In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | 7.5 |