Safety vulnerability ID: 74422
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Synapse are vulnerable to sensitive system information exposure through image thumbnail generation. When dynamic_thumbnails is enabled, the system exposes information about and access to various image processing capabilities and helper programs like Ghostscript to unauthorized users. This unnecessarily reveals system components and expands the attack surface through uncommon image format processing. Users should upgrade to Synapse 1.120.1, which restricts thumbnail generation to PNG, JPEG, GIF, and WebP formats only. Alternatively, uninstall unused image decoder libraries and ensure remaining ones are patched.
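An added example, not part of the advisory or Synapse's own code: a defender-side check for the condition described above (a release older than 1.120.1 with dynamic_thumbnails turned on), plus a listing of decoders outside the four formats the fixed release allows. The function names and sample config are constructed for illustration; the version string and homeserver.yaml text are assumed to be supplied by the operator, and decoder enumeration assumes image decoding goes through Pillow.

```python
import re

FIXED = (1, 120, 1)                       # first fixed release named in the advisory
ALLOWED = {"PNG", "JPEG", "GIF", "WEBP"}  # formats the fixed release still thumbnails

def parse_version(v):
    """'1.119.0' -> (1, 119, 0). An rc suffix is ignored, so an rc compares equal to its final release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    return tuple(int(x) for x in m.groups())

def dynamic_thumbnails_enabled(yaml_text):
    """True if an uncommented dynamic_thumbnails key is set to a YAML truthy value (absent = off)."""
    m = re.search(r"^[ \t]*dynamic_thumbnails:[ \t]*([A-Za-z]+)", yaml_text, re.M)
    return bool(m) and m.group(1).lower() in {"true", "yes", "on"}

def installed_decoders():
    """Format names Pillow can open on this host; empty list if Pillow is not importable."""
    try:
        from PIL import Image
    except ImportError:
        return []
    Image.init()                # load every available format plugin
    return sorted(Image.OPEN)   # keys are format names such as 'PNG', 'EPS'

def assess(version, yaml_text, formats=()):
    patched = parse_version(version) >= FIXED
    dynamic = dynamic_thumbnails_enabled(yaml_text)
    return {
        "patched": patched,
        "dynamic_thumbnails": dynamic,
        "exposed": dynamic and not patched,
        # decoders outside the allowlist: candidates to uninstall or keep patched
        "extra_decoders": sorted({f.upper() for f in formats} - ALLOWED),
    }

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONFIG = """\
server_name: "example.org"
# dynamic_thumbnails: false
dynamic_thumbnails: true
"""

if __name__ == "__main__":
    print(assess("1.119.0", SAMPLE_CONFIG, installed_decoders()))
```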
Latest version: 1.121.1
Homeserver for the Matrix decentralised comms protocol