matrix_synapse is vulnerable to denial of service ]attacks. An authenticated attacker is able to exhaust the available stack space for the Synapse
process due to unbounded recursion, resulting in a system crash. The deployments with url_preview_enabled: true
configuration are affected.
github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
lists.fedoraproject.org/archives/list/[email protected]/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
lists.fedoraproject.org/archives/list/[email protected]/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url