Vulnerability Information
Vulnerability Title
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Vulnerability Description
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Vulnerability Type
Improper Input Validation
Vulnerability Title
Matrix Synapse Input Validation Error Vulnerability
Vulnerability Description
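Matrix Synapse is a Matrix homeserver implementation from the UK-based Matrix Foundation. Matrix Synapse contains a security vulnerability: a malicious user on Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y.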
CVSS Information
N/A
Vulnerability Type
N/A