跳转到帖子

FreeBSD: VID-71F3E9F0-BAFC-11EF-885D-901B0E934D69 (CVE-2024-52815): py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

FreeBSD: VID-71F3E9F0-BAFC-11EF-885D-901B0E934D69 (CVE-2024-52815): py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
12/03/2024
Created
12/19/2024
Added
12/18/2024
Modified
12/18/2024

Description

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.

Solution(s)

  • freebsd-upgrade-package-py310-matrix-synapse
  • freebsd-upgrade-package-py311-matrix-synapse
  • freebsd-upgrade-package-py38-matrix-synapse
  • freebsd-upgrade-package-py39-matrix-synapse

References

  • CVE-2024-52815
  • 引用
  • Mention
    • 查看数 698
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表