vulnerability
FreeBSD: VID-38d2df4d-b143-11e9-87e7-901b0e934d69: py-matrix-synapse -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Jul 28, 2019 | Jul 29, 2019 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Jul 28, 2019
Added
Jul 29, 2019
Modified
Dec 10, 2025
Description
Matrix developers report: The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation: Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. Prevent an attack where users could be joined or parted from public rooms without their consent. Fix a vulnerability where a federated server could spoof read-receipts from users on other servers. It was possible for a room moderator to send a redaction for an m.room.create event, which would downgrade the room to version 1.
Solutions
freebsd-upgrade-package-py27-matrix-synapsefreebsd-upgrade-package-py35-matrix-synapsefreebsd-upgrade-package-py36-matrix-synapsefreebsd-upgrade-package-py37-matrix-synapse
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.