matrix-synapse vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the matrix-synapse package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
L CVE-2024-31208	*
M CVE-2023-43796	<1.95.1-1
M Allocation of Resources Without Limits or Throttling	<1.94.0-1
M Improper Authorization	<1.93.0-1
L Cleartext Storage of Sensitive Information	<1.93.0-1
M Improper Authentication	<1.90.0-1
M Incorrect Authorization	<1.90.0-1
M Information Exposure	<1.69.0-1
M Improper Input Validation	<1.74.0-1
M Resource Exhaustion	<1.68.0-1
M Missing Release of Resource after Effective Lifetime	<1.53.0-1
H Improper Handling of Exceptional Conditions	<1.63.0-1
M Uncontrolled Recursion	<1.61.1-1
H Directory Traversal	<1.47.1-1
L Information Exposure	<1.41.1-1
L Information Exposure	<1.41.1-1
M Resource Exhaustion	<1.33.2-1
M Improper Input Validation	<1.28.0-1
M Improper Input Validation	<1.28.0-1
M Open Redirect	<1.28.0-1
H Cross-site Scripting (XSS)	<1.27.0-1
M Arbitrary Code Injection	<1.27.0-1
M Resource Exhaustion	<1.25.0-1
M Open Redirect	<1.25.0-1
M Resource Exhaustion	<1.24.0-1
H Arbitrary Code Injection	<1.20.0-1
M Cross-site Scripting (XSS)	<1.21.1-1
C Insufficient Verification of Data Authenticity	<1.5.0-1
H Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<0.99.2-5
H Key Management Errors	<0.34.1.1-1
H Improper Verification of Cryptographic Signature	<0.33.3.1-1
H CVE-2018-12423	<0.31.2+dfsg-1
H CVE-2018-12291	<0.31.1+dfsg-1
H Improper Input Validation	<0.28.1+dfsg-1