PYSEC-2020-238
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2020-238.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2020-238
- Aliases
- Published
- 2020-10-19T17:15:00Z
- Modified
- 2023-11-01T04:52:48.372566Z
- Summary
- [none]
- Details
-
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /matrix/client/r0/auth/*/fallback/web or /matrix/client/unstable/auth/*/fallback/web Synapse endpoints.
- References
Affected packages
PyPI / matrix-synapse
Package
- Name
- matrix-synapse
- View open source insights on deps.dev
- Purl
- pkg:pypi/matrix-synapse
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.21.0
Affected versions
0.*
0.33.5
0.33.5.1
0.33.6rc1
0.33.6
0.33.7rc1
0.33.7rc2
0.33.7
0.33.8rc2
0.33.8
0.33.9
0.34.0rc1
0.34.0rc2
0.34.0
0.34.0.1
0.34.1.1
0.99.0rc1
0.99.0rc2
0.99.0rc3
0.99.0rc4
0.99.0
0.99.1rc1
0.99.1rc2
0.99.1
0.99.1.1
0.99.2rc1
0.99.2
0.99.3rc1
0.99.3
0.99.3.1
0.99.3.2
0.99.4rc1
0.99.4
0.99.5rc1
0.99.5
0.99.5.1
0.99.5.2
1.*
1.0.0rc1
1.0.0rc2
1.0.0rc3
1.0.0
1.1.0rc1
1.1.0rc2
1.1.0
1.2.0rc1
1.2.0rc2
1.2.0
1.2.1
1.3.0rc1
1.3.0
1.3.1
1.4.0rc1
1.4.0rc2
1.4.0
1.4.1rc1
1.4.1
1.5.0rc1
1.5.0rc2
1.5.0
1.5.1
1.6.0rc1
1.6.0rc2
1.6.0
1.6.1
1.7.0rc1
1.7.0rc2
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0rc1
1.8.0
1.9.0.dev1
1.9.0.dev2
1.9.0rc1
1.9.0
1.9.1
1.10.0rc1
1.10.0rc2
1.10.0rc3
1.10.0rc5
1.10.0
1.10.1
1.11.0rc1
1.11.0
1.11.1
1.12.0rc1
1.12.0
1.12.1rc1
1.12.1
1.12.2
1.12.3
1.12.4rc1
1.12.4
1.13.0rc1
1.13.0rc2
1.13.0rc3
1.13.0
1.14.0rc1
1.14.0rc2
1.14.0
1.15.0rc1
1.15.0
1.15.1
1.15.2
1.16.0rc1
1.16.0rc2
1.16.0
1.16.1
1.17.0rc1
1.17.0
1.18.0rc1
1.18.0rc2
1.18.0
1.19.0rc1
1.19.0
1.19.1rc1
1.19.1
1.19.2
1.19.3
1.20.0rc1
1.20.0rc2
1.20.0rc3
1.20.0rc4
1.20.0rc5
1.20.0
1.20.1
1.21.0rc1
1.21.0rc2
1.21.0rc3