Safety vulnerability ID: 74423
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Synapse are vulnerable to improper input validation (CWE-20). This flaw allows a malicious server to send specially crafted invites over federation, disrupting the invited user's /sync functionality. The vulnerability can be exploited remotely via federation invites targeting the invite handling methods. To mitigate, update to Synapse version 1.120.1, which rejects invalid invites and restores sync functionality. As a workaround, server administrators can disable federation from untrusted servers.
Latest version: 1.121.1
Homeserver for the Matrix decentralised comms protocol