Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
github.com/matrix-org/synapse
github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9b
github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2
github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfc
github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42b
github.com/matrix-org/synapse/issues/3796#event-1833126269
lists.fedoraproject.org/archives/list/[email protected]/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P
matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1
nvd.nist.gov/vuln/detail/CVE-2018-16515