GO-2025-3396

See a problem?
Please try reporting it to the source first.
Source
https://pkg.go.dev/vuln/GO-2025-3396
Import Source
https://vuln.go.dev/ID/GO-2025-3396.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2025-3396
Aliases
Published
2025-01-16T22:53:23Z
Modified
2025-01-16T23:26:59.807208Z
Summary
Server-Side Request Forgery (SSRF) on redirects and federation in github.com/matrix-org/gomatrixserverlib
Details

Server-Side Request Forgery (SSRF) on redirects and federation in github.com/matrix-org/gomatrixserverlib

Database specific 
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2025-3396"
}
References

Affected packages

Go / github.com/matrix-org/gomatrixserverlib

Package

Name
github.com/matrix-org/gomatrixserverlib
View open source insights on deps.dev
Purl
pkg:golang/github.com/matrix-org/gomatrixserverlib

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0.0-20250116181547-c4f1e01eab0d

Ecosystem specific 

{
    "imports": [
        {
            "path": "github.com/matrix-org/gomatrixserverlib/fclient",
            "symbols": [
                "Client.CreateMediaDownloadRequest",
                "Client.DoHTTPRequest",
                "Client.DoRequestAndParseResponse",
                "Client.GetServerKeys",
                "Client.GetVersion",
                "Client.LookupServerKeys",
                "Client.LookupUserInfo",
                "DNSCache.DialContext",
                "LookupWellKnown",
                "NewClient",
                "NewDNSCache",
                "NewFederationClient",
                "ResolveServer",
                "destinationTripper.RoundTrip",
                "destinationTripper.getTransport",
                "federationClient.Backfill",
                "federationClient.ClaimKeys",
                "federationClient.DoRequestAndParseResponse",
                "federationClient.DownloadMedia",
                "federationClient.ExchangeThirdPartyInvite",
                "federationClient.GetEvent",
                "federationClient.GetEventAuth",
                "federationClient.GetPublicRooms",
                "federationClient.GetPublicRoomsFiltered",
                "federationClient.GetUserDevices",
                "federationClient.LookupMissingEvents",
                "federationClient.LookupProfile",
                "federationClient.LookupRoomAlias",
                "federationClient.LookupState",
                "federationClient.LookupStateIDs",
                "federationClient.MSC2836EventRelationships",
                "federationClient.MakeJoin",
                "federationClient.MakeKnock",
                "federationClient.MakeLeave",
                "federationClient.P2PGetTransactionFromRelay",
                "federationClient.P2PSendTransactionToRelay",
                "federationClient.Peek",
                "federationClient.QueryKeys",
                "federationClient.RoomHierarchy",
                "federationClient.SendInvite",
                "federationClient.SendInviteV2",
                "federationClient.SendInviteV3",
                "federationClient.SendJoin",
                "federationClient.SendJoinPartialState",
                "federationClient.SendKnock",
                "federationClient.SendLeave",
                "federationClient.SendTransaction",
                "newDestinationTripper"
            ]
        }
    ]
}