Synapse is vulnerable to denial of service. An attacker can send invalid JSON data to Synapse, which relays the data to clients. This is possible because the non-standard JSON values NaN, Infinity, and -Infinity are not sanitized and are passed on to clients, which could crash or hang.
github.com/advisories/GHSA-4mp3-385r-v63f
github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
lists.fedoraproject.org/archives/list/[email protected]/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ/
lists.fedoraproject.org/archives/list/[email protected]/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ/
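
The behaviour described above can be reproduced and guarded against with Python's standard `json` module. This is an added example, not Synapse's code and not taken from the advisory; the function names and the sample event are constructed for illustration. It also covers an overflowing literal such as `1e999`, which is syntactically valid JSON but decodes to a non-finite float, so the check is repeated when re-encoding for relay.

```python
import json
import math

# Constructed sample body carrying the three non-standard constants.
CONSTRUCTED_EVENT = ('{"type": "m.room.message", "content": {"body": "hi", '
                     '"score": NaN, "limits": [1, Infinity, -Infinity]}}')

def _reject_constant(name):
    # The json module calls parse_constant only for NaN, Infinity and -Infinity.
    raise ValueError(f"non-standard JSON constant: {name}")

STRICT_DECODER = json.JSONDecoder(parse_constant=_reject_constant)

def parse_strict(raw):
    """Decode JSON, refusing NaN / Infinity / -Infinity anywhere in the body."""
    return STRICT_DECODER.decode(raw)

def encode_strict(obj):
    """Encode for relay; allow_nan=False raises ValueError on non-finite floats."""
    return json.dumps(obj, allow_nan=False, separators=(",", ":"))

def sanitize_for_relay(raw):
    """Return JSON text that is safe to pass on to clients, or raise ValueError."""
    return encode_strict(parse_strict(raw))

def find_non_finite(obj, path="$"):
    """List the paths of non-finite floats in an already-decoded object,
    for auditing data that was accepted by a lenient parser."""
    if isinstance(obj, float) and not math.isfinite(obj):
        return [path]
    if isinstance(obj, dict):
        return [p for k, v in obj.items()
                for p in find_non_finite(v, f"{path}.{k}")]
    if isinstance(obj, list):
        return [p for i, v in enumerate(obj)
                for p in find_non_finite(v, f"{path}[{i}]")]
    return []

if __name__ == "__main__":
    lenient = json.loads(CONSTRUCTED_EVENT)       # default parser accepts it
    print("lenient parse kept:", find_non_finite(lenient))
    print("lenient re-encode :", json.dumps(lenient["content"]["limits"]))
    for raw in (CONSTRUCTED_EVENT, '{"n": 1e999}', '{"a": 1.5}'):
        try:
            print("relay:", sanitize_for_relay(raw))
        except ValueError as exc:
            print("rejected:", exc)
```

A strict client-side parser such as JavaScript's `JSON.parse` throws on the bare `NaN` and `Infinity` tokens that the lenient re-encode emits, which is why the check belongs on the server before relay.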