matrix-synapse is vulnerable to denial of service. Lack of input validation of some parameters on the endpoints used to confirm third-party identifiers could allows an attacker to cause excessive use of disk space and memory leading to resource exhaustion.
github.com/advisories/GHSA-jrh7-mhhx-6h88
github.com/matrix-org/synapse/issues/9323
github.com/matrix-org/synapse/pull/9321
github.com/matrix-org/synapse/pull/9321
github.com/matrix-org/synapse/pull/9393
github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
lists.fedoraproject.org/archives/list/[email protected]/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/
pypi.org/project/matrix-synapse/
security-tracker.debian.org/tracker/CVE-2021-21393