Vulnerabilities > Matrix > Synapse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-26 | CVE-2021-21332 | Cross-site Scripting vulnerability in multiple products. Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). | 8.2 |
2021-02-26 | CVE-2021-21274 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). | 6.5 |
2021-02-26 | CVE-2021-21273 | Open Redirect vulnerability in multiple products. Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). | 6.1 |
2020-12-09 | CVE-2020-26257 | Resource Exhaustion vulnerability in multiple products. Matrix is an ecosystem for open federated Instant Messaging and VoIP. | 6.5 |
2020-11-24 | CVE-2020-26890 | Improper Input Validation vulnerability in multiple products. Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. | 7.5 |
2020-10-19 | CVE-2020-26891 | Cross-site Scripting vulnerability in Matrix Synapse. AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. | 6.1 |
2019-11-08 | CVE-2019-18835 | Insufficient Verification of Data Authenticity vulnerability in Matrix Synapse. Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. | 9.8 |
2019-05-09 | CVE-2019-11842 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Matrix Sydent and Synapse. An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. | 7.5 |
2019-03-21 | CVE-2019-5885 | Use of Insufficiently Random Values vulnerability in multiple products. Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 7.5 |
2018-09-18 | CVE-2018-16515 | Improper Verification of Cryptographic Signature vulnerability in multiple products. Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | 8.8 |