PYSEC-2019-185

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2019-185.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-185

Aliases

Published

2019-05-09T18:29:00Z

Modified

2023-11-08T04:01:02.324944Z

Summary

[none]

Details

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

References

Affected packages

PyPI / matrix-synapse

Package

Name: matrix-synapse; View open source insights on deps.dev
Purl: pkg:pypi/matrix-synapse

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.99.3.1

Affected versions

0.*

0.33.5

0.33.5.1

0.33.6rc1

0.33.6

0.33.7rc1

0.33.7rc2

0.33.7

0.33.8rc2

0.33.8

0.33.9

0.34.0rc1

0.34.0rc2

0.34.0

0.34.0.1

0.34.1.1

0.99.0rc1

0.99.0rc2

0.99.0rc3

0.99.0rc4

0.99.0

0.99.1rc1

0.99.1rc2

0.99.1

0.99.1.1

0.99.2rc1

0.99.2

0.99.3rc1

0.99.3