Lucene search

K

Veracode Vulnerability DatabaseVERACODE:28528

HistoryDec 10, 2020 - 4:22 a.m.

Denial Of Service (DoS)

2020-12-1004:22:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

denial of service

injection vulnerability

matrix software.

EPSS

0.002

Percentile

52.7%

Matrix is vulnerable to denial of service and injection vulnerability. An attacker may inject a crafted event into a room by specifying a different room id in the path of a /send_join, /send_leave, /invite or /exchange_third_party_invite request leading to a denial of service in which future events will not be correctly sent to other servers over federation.

References

github.com/advisories/GHSA-hxmp-pqch-c8mm

github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09

github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b

github.com/matrix-org/synapse/pull/8776

github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm

lists.fedoraproject.org/archives/list/[email protected]/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC/

lists.fedoraproject.org/archives/list/[email protected]/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7/

EPSS

0.002

Percentile

52.7%

Related for VERACODE:28528

openvas2 osv4 ubuntucve1 prion1 fedora2 github1 cve1 nessus3 nvd1 freebsd1 cvelist1 alpinelinux1 debiancve1