matrix-sydent@2.5.1 vulnerabilities
Reference Matrix Identity Verification and Lookup Server
-
latest version
2.6.1
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
6 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the matrix-sydent package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
matrix-sydent is a Reference Matrix Identity Verification and Lookup Server Affected versions of this package are vulnerable to Improper Certificate Validation. If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. How to fix Improper Certificate Validation? Upgrade |
[,2.5.6)
|