GHSA-pw4v-gr34-2553
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pw4v-gr34-2553
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-pw4v-gr34-2553/GHSA-pw4v-gr34-2553.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-pw4v-gr34-2553
- Aliases
- Related
- Published
- 2021-04-16T19:53:37Z
- Modified
- 2024-09-24T16:03:29.065089Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Sydent DoS (via resource exhaustion) due to improper input validation
- Details
-
Impact
Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.
Patches
Fixed by 3175fd3.
For more information
If you have any questions or comments about this advisory, email us at security@matrix.org.
- Database specific
{ "nvd_published_at": "2021-04-15T18:15:00Z", "cwe_ids": [ "CWE-20", "CWE-400" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-04-15T18:45:07Z" }- References
-
- https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553
- https://nvd.nist.gov/vuln/detail/CVE-2021-29433
- https://github.com/matrix-org/sydent/commit/3175fd358ebc2c310eab7a3dbf296ce2bd54c1da
- https://github.com/matrix-org/sydent
- https://github.com/pypa/advisory-database/tree/main/vulns/matrix-sydent/PYSEC-2021-24.yaml
- https://pypi.org/project/matrix-sydent
Affected packages
PyPI / matrix-sydent
Package
- Name
- matrix-sydent
- View open source insights on deps.dev
- Purl
- pkg:pypi/matrix-sydent