GHSA-7h5v-85w9-pq6c

Source

https://github.com/advisories/GHSA-7h5v-85w9-pq6c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-7h5v-85w9-pq6c/GHSA-7h5v-85w9-pq6c.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-7h5v-85w9-pq6c

Published

2021-05-19T23:01:45Z

Modified

2024-12-02T05:46:40.398769Z

Summary

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

Details

Impact

Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

Patches

The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.

Workarounds

There are no known workarounds.

References

n/a

For more information

If you have any questions or comments about this advisory, email us at security@matrix.org.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-19T19:34:56Z"
}

References

Affected packages

PyPI / matrix-synapse

Package

Name: matrix-synapse; View open source insights on deps.dev
Purl: pkg:pypi/matrix-synapse

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.33.0

Affected versions

0.*

0.33.5

0.33.5.1

0.33.6rc1

0.33.6

0.33.7rc1

0.33.7rc2

0.33.7

0.33.8rc2

0.33.8

0.33.9

0.34.0rc1

0.34.0rc2

0.34.0

0.34.0.1

0.34.1.1

0.99.0rc1

0.99.0rc2

0.99.0rc3

0.99.0rc4

0.99.0

0.99.1rc1

0.99.1rc2

0.99.1

0.99.1.1

0.99.2rc1

0.99.2

0.99.3rc1

0.99.3

0.99.3.1

0.99.3.2

0.99.4rc1

0.99.4

0.99.5rc1

0.99.5

0.99.5.1

0.99.5.2

1.*

1.0.0rc1

1.0.0rc2

1.0.0rc3

1.0.0

1.1.0rc1

1.1.0rc2

1.1.0

1.2.0rc1

1.2.0rc2

1.2.0

1.2.1

1.3.0rc1

1.3.0

1.3.1

1.4.0rc1

1.4.0rc2

1.4.0

1.4.1rc1

1.4.1

1.5.0rc1

1.5.0rc2

1.5.0

1.5.1

1.6.0rc1

1.6.0rc2

1.6.0

1.6.1

1.7.0rc1

1.7.0rc2

1.7.0

1.7.1

1.7.2

1.7.3

1.8.0rc1

1.8.0

1.9.0.dev1

1.9.0.dev2

1.9.0rc1

1.9.0

1.9.1

1.10.0rc1

1.10.0rc2

1.10.0rc3

1.10.0rc5

1.10.0

1.10.1

1.11.0rc1

1.11.0

1.11.1

1.12.0rc1

1.12.0

1.12.1rc1

1.12.1

1.12.2

1.12.3

1.12.4rc1

1.12.4

1.13.0rc1

1.13.0rc2

1.13.0rc3

1.13.0

1.14.0rc1

1.14.0rc2

1.14.0

1.15.0rc1

1.15.0

1.15.1

1.15.2

1.16.0rc1

1.16.0rc2

1.16.0

1.16.1

1.17.0rc1

1.17.0

1.18.0rc1

1.18.0rc2

1.18.0

1.19.0rc1

1.19.0

1.19.1rc1

1.19.1

1.19.2

1.19.3

1.20.0rc1

1.20.0rc2

1.20.0rc3

1.20.0rc4

1.20.0rc5

1.20.0

1.20.1

1.21.0rc1

1.21.0rc2

1.21.0rc3

1.21.0

1.21.1

1.21.2

1.22.0rc1

1.22.0rc2

1.22.0

1.22.1

1.23.0rc1

1.23.0

1.23.1

1.24.0rc1

1.24.0rc2

1.24.0

1.25.0rc1

1.25.0

1.26.0rc1

1.26.0rc2

1.26.0

1.27.0rc1

1.27.0rc2

1.27.0

1.28.0rc1

1.28.0

1.29.0rc1

1.29.0

1.30.0rc1

1.30.0

1.30.1

1.31.0rc1

1.31.0

1.32.0rc1

1.32.0

1.32.1

1.32.2

1.33.0rc1

1.33.0rc2