GO-2022-0952
- Source
- https://pkg.go.dev/vuln/GO-2022-0952
- Import Source
- https://vuln.go.dev/ID/GO-2022-0952.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2022-0952
- Aliases
- Published
- 2022-08-22T18:08:50Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Incorrect event parsing in github.com/matrix-org/gomatrixserverlib
- Details
-
Power level parsing does not parse the "eventsdefault" key of the m.room.powerlevels event, setting the event default power level to zero in all cases. This can cause events to be improperly accepted or rejected in rooms where the event_default power level has been changed.
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0952" }- References
Affected packages
Go / github.com/matrix-org/gomatrixserverlib
Package
- Name
- github.com/matrix-org/gomatrixserverlib
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/matrix-org/gomatrixserverlib
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.0.0-20220815091947-723fd495dde8
Ecosystem specific
{
"imports": [
{
"path": "github.com/matrix-org/gomatrixserverlib",
"symbols": [
"Allowed",
"Event.PowerLevels",
"EventsLoader.LoadAndVerify",
"HeaderedReverseTopologicalOrdering",
"NewPowerLevelContentFromAuthEvents",
"NewPowerLevelContentFromEvent",
"RequestBackfill",
"ResolveConflicts",
"ResolveStateConflicts",
"ResolveStateConflictsV2",
"RespSendJoin.Check",
"RespState.Check",
"RespState.Events",
"ReverseTopologicalOrdering",
"VerifyAuthRulesAtState",
"VerifyEventAuthChain"
]
}
]
}