CVE-2019-18835

2019-11-0800:15:10

Google

osv.dev

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

61.8%

JSON

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

References

github.com/matrix-org/synapse/pull/6262

github.com/matrix-org/synapse/releases/tag/v1.5.0