GHSA-v8wm-g9f2-xjv4

Source

https://github.com/advisories/GHSA-v8wm-g9f2-xjv4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v8wm-g9f2-xjv4/GHSA-v8wm-g9f2-xjv4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v8wm-g9f2-xjv4

Aliases

CVE-2018-12291

Published

2022-05-13T01:49:32Z

Modified

2023-11-08T03:59:49.359342Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Matrix Synapse Security Filtering Flaw

Details

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly.

References

Affected packages

PyPI / matrix-synapse

Package

Name: matrix-synapse; View open source insights on deps.dev
Purl: pkg:pypi/matrix-synapse

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.31.1