Vulnerabilities > Matrix > Synapse > 0.32.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-19 | CVE-2020-26891 | Cross-site Scripting vulnerability in Matrix Synapse AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. | 4.3 |
| 2019-11-08 | CVE-2019-18835 | Insufficient Verification of Data Authenticity vulnerability in Matrix Synapse Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. | 7.5 |
| 2019-05-09 | CVE-2019-11842 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Matrix Sydent and Synapse An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. | 5.0 |
| 2019-03-21 | CVE-2019-5885 | Use of Insufficiently Random Values vulnerability in multiple products Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 7.5 |
| 2018-09-18 | CVE-2018-16515 | Improper Verification of Cryptographic Signature vulnerability in multiple products Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | 8.8 |