MEDIUM 4.9

PYSEC-2023-199

상세

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / matrix-synapse

최초 영향 버전: 0 수정 버전: 1.94.0

수정 pip install --upgrade 'matrix-synapse>=1.94.0'

참고

https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version [WEB]
https://github.com/matrix-org/synapse/pull/16360 [ADVISORY]
https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4 [ADVISORY]