Vulnerabilities > Matrix > Synapse > 1.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-24 | CVE-2020-26890 | Improper Input Validation vulnerability in multiple products Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. | 7.5 |
| 2020-10-19 | CVE-2020-26891 | Cross-site Scripting vulnerability in Matrix Synapse AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. | 4.3 |