matrix-synapse is vulnerable to open redirect. Requests to user-provided domains are allowed through to IP addresses that should be blocked when those addresses are expressed as transitional IPv6 addresses. This affects outbound requests to federation and identity servers, key validity calculation for third-party invite events, push notification delivery, and URL preview generation, and allows requests to reach internal infrastructure on dual-stack networks.
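The bypass described above, as an added illustration that is not Synapse's own code: a blocklist check that tests the address only as written lets an IPv4-mapped or 6to4 form of a private address through, while normalising transitional IPv6 addresses to the IPv4 address they embed closes the gap. The blocklist ranges and function names are assumptions for this example.

```python
# Added example (not from the Synapse project): IP blocklist checks with and
# without normalisation of transitional IPv6 addresses.
import ipaddress
from typing import Union

# Constructed blocklist of non-public ranges, in the spirit of the ranges a
# homeserver refuses to contact. Assumption: not Synapse's configured list.
BLOCKLIST = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def is_blocked_naive(addr: str) -> bool:
    """Weak check: an IPv6 literal never matches an IPv4 network, so
    ::ffff:127.0.0.1 passes even though it reaches 127.0.0.1."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKLIST)


def to_canonical(addr: str) -> Union[ipaddress.IPv4Address, ipaddress.IPv6Address]:
    """Reduce IPv4-mapped (::ffff:a.b.c.d), 6to4 (2002::/16) and Teredo
    (2001::/32) addresses to the IPv4 address they embed, which is the host
    the traffic will actually reach on a dual-stack network."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address):
        if ip.ipv4_mapped is not None:
            return ip.ipv4_mapped
        if ip.sixtofour is not None:
            return ip.sixtofour
        if ip.teredo is not None:
            return ip.teredo[1]  # (server, client): client is the embedded IPv4
    return ip


def is_blocked(addr: str) -> bool:
    """Hardened check: compare the canonical address against the blocklist."""
    ip = to_canonical(addr)
    return any(ip in net for net in BLOCKLIST)
```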
github.com/advisories/GHSA-5wrh-4jwv-5w78
github.com/matrix-org/synapse/commit/4ca054a4eaa714d0befb4fc30b19a1131e52c9cc
github.com/matrix-org/synapse/pull/9240
github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
lists.fedoraproject.org/archives/list/[email protected]/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/
pypi.org/project/matrix-synapse/
security-tracker.debian.org/tracker/CVE-2021-21392