MEDIUM

GHSA-6qf2-7x63-mm6v

Synapse pagination Denial of Service

상세

### Impact

In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients.

Clients could therefore fail to display room history.

### Patches

Update to Synapse 1.152.1 or later.

### Workarounds

There are no known workarounds for this issue.

### Identifiers

- ELEMENTSEC-2025-1636

### For more information

If you have any questions or comments about this advisory, please email us at [security at element.io](mailto:security@element.io).

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / matrix-synapse

최초 영향 버전: 0 수정 버전: 1.152.1

수정 pip install --upgrade 'matrix-synapse>=1.152.1'

참고

https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v [WEB]
https://github.com/element-hq/synapse [PACKAGE]