| Severity | Score | Advisory | Affected versions |
|---|---|---|---|
| CRITICAL | 9.1 | CVE-2024-53863: Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders | from 0, < 1.120.1 |
| | | | >= 0.33.3, < 0.33.3.1 |
| HIGH | 8.6 | Improper Verification of Cryptographic Signature in matrix-synapse | from 0, < 1.5.0 |
| HIGH | 8.6 | Improper Verification of Cryptographic Signature in matrix-synapse | from 0, < 1.5.0 |
| HIGH | 7.5 | Synapse allows unsupported content types to lead to memory exhaustion | from 0, < 1.120.1 |
| HIGH | 7.5 | Synapse denial of service through media disk space consumption | from 0, < 1.106.0 |
| HIGH | 7.5 | Synapse denial of service through media disk space consumption | from 0, < 1.106 |
| HIGH | 7.5 | Denial of service due to incorrect application of event authorization rules | from 0, < 1.62.0 |
| HIGH | 7.5 | Denial of service due to incorrect application of event authorization rules | from 0, < 1.62.0rc1 |
| HIGH | 7.5 | matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG | from 0, < 0.99.3.1 |
| HIGH | 7.5 | matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG | from 0, < 0.99.3.1 |
| HIGH | 7.5 | Matrix Synapse DoS | from 0, < 0.28.1 |
| HIGH | 7.5 | Matrix Synapse Authorization Error | from 0, < 0.31.2 |
| HIGH | 7.5 | Matrix Synapse Security Filtering Flaw | from 0, < 0.31.1 |
| HIGH | 7.5 | Matrix Synapse Predictable Secret Key | from 0, < 0.34.0.1 |
| HIGH | 7.5 | Matrix Synapse Predictable Secret Key | from 0, < 0.34.0.1 |
| HIGH | 7.5 | Path traversal in Matrix Synapse | from 0, < 91f2bd0907f1d05af67166846988e49644eb650c \| from 0, < 1.47.1 |
| HIGH | 7.5 | Path traversal in Matrix Synapse | from 0, < 1.47.1 |
| HIGH | 7.5 | Denial of service attack due to invalid JSON | from 0, < 1.20.0 |
| HIGH | 7.5 | Denial of service attack due to invalid JSON | from 0, < 1.20.0 |
| HIGH | 7.1 | Synapse vulnerable to federation denial of service via malformed events | from 0, < 1.127.1 |
| MEDIUM | 6.9 | Cross-site scripting (XSS) vulnerability in the password reset endpoint | from 0, < e54746bdf7d5c831eabe4dcea76a7626f1de73df \| from 0, < 1.27.0 |
| MEDIUM | 6.9 | Cross-site scripting (XSS) vulnerability in the password reset endpoint | from 0, < 1.27.0 |
| MEDIUM | 6.5 | Synapse V2 state resolution weakness allows Denial of Service (DoS) | from 0, < 1.105.1 |
| MEDIUM | 6.5 | Synapse V2 state resolution weakness allows Denial of Service (DoS) | from 0, < 55b0aa847a61774b6a3acdc4b177a20dc019f01a \| from 0, < 1.105.1 |
| MEDIUM | 6.5 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | >= 1.62.0, < 1.68.0rc1 |
| MEDIUM | 6.5 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | >= 1.62.0, < 1.68.0 |
| MEDIUM | 6.5 | URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths | from 0, < 1.61.1 |
| MEDIUM | 6.5 | URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths | from 0, < fa1308061802ac7b7d20e954ba7372c5ac292333 \| from 0, < 1.61.1 |
| MEDIUM | 6.5 | Denial of service attack via incorrect parameters in Matrix Synapse | from 0, < 1.23.1 |
| MEDIUM | 6.5 | Denial of service attack via incorrect parameters in Matrix Synapse | from 0, < 3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b \| from 0, < 1.23.1 |
| MEDIUM | 6.3 | Open redirect via transitional IPv6 addresses on dual-stack networks | from 0, < 1.28.0 |
| MEDIUM | 6.3 | Open redirect via transitional IPv6 addresses on dual-stack networks | from 0, < 1.28.0rc1 |
| MEDIUM | 6.1 | HTML injection in email and account expiry notifications | from 0, < 1.27.0 |
| MEDIUM | 6.1 | HTML injection in email and account expiry notifications | from 0, < e54746bdf7d5c831eabe4dcea76a7626f1de73df \| from 0, < 1.27.0 |
| MEDIUM | 6.1 | Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint | from 0, < 1.21.0 |
| MEDIUM | 6.1 | Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint | from 0, < 1.21.0 |
| MEDIUM | 5.5 | Synapse CPU starvation (Denial of Service) | from 0, < 1.152.1 |
| MEDIUM | 5.5 | Synapse CPU starvation (Denial of Service) | from 0, < 1.152.1 |
| MEDIUM | 5.4 | Synapse has improper checks for deactivated users during login | from 0, < 1.85.0 |
| MEDIUM | 5.4 | Synapse has improper checks for deactivated users during login | from 0, < 1.85.0 |
| MEDIUM | 5.3 | Synapse allows a malformed invite to break the invitee's `/sync` | from 0, < 1.120.1 |
| MEDIUM | 5.3 | Synapse's unauthenticated writes to the media repository allow planting of problematic content | from 0, < 1.106.0 |
| MEDIUM | 5.3 | Synapse's unauthenticated writes to the media repository allow planting of problematic content | from 0, < 1.106 |
| MEDIUM | 5.3 | Synapse vulnerable to leak of remote user device information | from 0, < daec55e1fe120c564240c5386e77941372bf458f \| from 0, < 1.95.1 |
| MEDIUM | 5.3 | Synapse vulnerable to leak of remote user device information | from 0, < 1.95.1 |
| MEDIUM | 5.3 | Uncontrolled Resource Consumption in Matrix Synapse | from 0, < 1.53.0 |
| MEDIUM | 5.3 | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints | from 0, < 1.28.0 |
| MEDIUM | 5.3 | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints | from 0, < 1.28.0 |
| MEDIUM | 5.3 | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints | from 0, < 1.28.0 |
| MEDIUM | 5.3 | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints | from 0, < 1.28.0 |
| MEDIUM | 5.0 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | from 0, < 1.74.0 |
| MEDIUM | 5.0 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | from 0, < 1.74.0 |
| MEDIUM | 5.0 | Synapse does not apply enough checks to servers requesting auth events of events in a room | from 0, < 1.69.0 |
| MEDIUM | 5.0 | Synapse does not apply enough checks to servers requesting auth events of events in a room | from 0, < 1.69.0 |
| MEDIUM | 4.9 | matrix-synapse vulnerable to denial of service due to malicious server ACL events | from 0, < 1.94.0 |
| MEDIUM | 4.9 | matrix-synapse vulnerable to denial of service due to malicious server ACL events | from 0, < 1.94.0 |
| MEDIUM | 4.3 | Synapse Matrix has a partial room state leak via Sliding Sync | >= 1.113.0rc1, < 1.120.1 |
| MEDIUM | 4.3 | Denial of service attack via .well-known lookups | >= 0.99.0, < 1.25.0 |
| MEDIUM | 4.3 | Denial of service attack via .well-known lookups | from 0, < ff5c4da1289cb5e097902b3e55b771be342c29d6 \| >= 0.99.0, < 1.25.0 |
| LOW | 3.7 | matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes | >= 1.66.0, < 1.93.0 |
| LOW | 3.7 | matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes | >= 1.66.0, < 1.93.0 |
| LOW | 3.7 | Denial of service attack via push rule patterns in matrix-synapse | from 0, < 03318a766cac9f8b053db2214d9c332a977d226c \| from 0, < 1.33.2 |
| LOW | 3.7 | Denial of service attack via push rule patterns in matrix-synapse | from 0, < 1.33.2 |
| LOW | 3.5 | Synapse has URL deny list bypass via oEmbed and image URLs when generating previews | from 0, < 1.85.0 |
| LOW | 3.5 | Synapse has URL deny list bypass via oEmbed and image URLs when generating previews | from 0, < 1.85.0 |
| LOW | 3.1 | matrix-synapse vulnerable to improper validation of receipts allows forged read receipts | >= 1.34.0, < 1.93.0 |
| LOW | 3.1 | matrix-synapse vulnerable to improper validation of receipts allows forged read receipts | >= 0.34.0, < 1.93.0 |
| LOW | 3.1 | Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner | from 0, < cb35df940a828bc40b96daed997b5ad4c7842fd3 \| from 0, < 1.41.1 |
| LOW | 3.1 | Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner | from 0, < 1.41.1 |
| LOW | 3.1 | Improper authorisation of members discloses room membership to non-members | from 0, < cb35df940a828bc40b96daed997b5ad4c7842fd3 \| from 0, < 1.41.1 |
| LOW | 3.1 | Improper authorisation of members discloses room membership to non-members | from 0, < 1.41.1 |
| LOW | 3.1 | Open redirects on some federation and push requests | from 0, < 1.25.0 |
| LOW | 3.1 | Open redirects on some federation and push requests | from 0, < 30fba6210834a4ecd91badf0c8f3eb278b72e746 \| from 0, < 1.25.0 |
| LOW | 2.7 | Synapse pagination Denial of Service | from 0, < 1.152.1 |
| LOW | 2.7 | Synapse pagination Denial of Service | from 0, < 1.152.1 |
| — | — | Synapse's invalid device keys degrade federation functionality | from 0, < 1.138.3 |