Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Vulnerability Description
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Matrix Synapse 安全漏洞
Vulnerability Description
Matrix Synapse是英国Matrix基金会的一款矩阵管理服务器的实现。 Matrix Synapse 1.94.0之前版本存在安全漏洞,该漏洞源于恶意服务器ACL事件会影响服务器性能并导致拒绝服务(DOS)。
CVSS Information
N/A
Vulnerability Type
N/A