HIGH 8.8
PYSEC-2026-845
Matrix Synapse Improper Signature Validation
상세
Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / matrix-synapse
최초 영향 버전:
0 수정 버전: 0.33.2.1 수정
pip install --upgrade 'matrix-synapse>=0.33.2.1' 참고
- https://nvd.nist.gov/vuln/detail/CVE-2018-16515 [ADVISORY]
- https://github.com/matrix-org/synapse/issues/3796#event-1833126269 [WEB]
- https://github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9b [WEB]
- https://github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2 [WEB]
- https://github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfc [WEB]
- https://github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42b [WEB]
- https://github.com/matrix-org/synapse [PACKAGE]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P [WEB]
- https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1 [WEB]
- https://pypi.org/project/matrix-synapse [PACKAGE]
- https://github.com/advisories/GHSA-fmvh-rvq5-hhjx [ADVISORY]