Vulnerabilities > Matrix > Synapse > 0.34.1.1

DATE CVE VULNERABILITY TITLE RISK
2020-10-19 CVE-2020-26891 Cross-site Scripting vulnerability in Matrix Synapse
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter.
network
matrix CWE-79
4.3
4.3
2019-11-08 CVE-2019-18835 Insufficient Verification of Data Authenticity vulnerability in Matrix Synapse
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs.
network
low complexity
matrix CWE-345
7.5
7.5
2019-05-09 CVE-2019-11842 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Matrix Sydent and Synapse
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1.
network
low complexity
matrix CWE-338
5.0
5.0