Lucene search
Veracode Vulnerability DatabaseVERACODE:33083HistoryNov 24, 2021 - 6:32 a.m.
Path Traversal
2021-11-2406:32:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
path traversal
matrix-synapse
remote server
media repository
directory
security vulnerability
EPSS
0.001
Percentile
50.2%
matrix-synapse is vulnerable to path traversal. An attacker can download files from a remote server into an arbitrary directory when a media repository is enabled, potentially outside of the configured directory.
References
github.com/matrix-org/synapse/commit/91f2bd090
github.com/matrix-org/synapse/releases/tag/v1.47.1
github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
lists.fedoraproject.org/archives/list/[email protected]/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS/
lists.fedoraproject.org/archives/list/[email protected]/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2/
Related
cnvd
cnvd
Synapse path traversal vulnerability
2021-11-25 00:00:00
osv
osv
CVE-2021-41281
2021-11-23 20:15:11
Path traversal in Matrix Synapse
2021-11-23 21:58:56
matrix-synapse-1.47.1-1.1 on GA media
2024-06-15 00:00:00
cvelist
cvelist
CVE-2021-41281 Path traversal in Matrix Synapse
2021-11-23 19:15:18
fedora
fedora
[SECURITY] Fedora 35 Update: matrix-synapse-1.48.0-1.fc35
2021-12-09 01:12:46
[SECURITY] Fedora 34 Update: matrix-synapse-1.48.0-1.fc34
2021-12-09 01:35:27
freebsd
freebsd
py-matrix-synapse -- several vulnerabilities
2021-11-18 00:00:00
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-9758549fce)
2021-12-09 00:00:00
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-2f9dcdbace)
2021-12-09 00:00:00
cve
cve
CVE-2021-41281
2021-11-23 20:15:11
alpinelinux
alpinelinux
CVE-2021-41281
2021-11-23 20:15:11
prion
prion
Authentication flaw
2021-11-23 20:15:00
ubuntucve
ubuntucve
CVE-2021-41281
2021-11-23 00:00:00
debiancve
debiancve
CVE-2021-41281
2021-11-23 20:15:11
nvd
nvd
CVE-2021-41281
2021-11-23 20:15:11
github
github
Path traversal in Matrix Synapse
2021-11-23 21:58:56