Homepage
About Snyk

matrix-sydent@2.5.3 vulnerabilities

Reference Matrix Identity Verification and Lookup Server

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the matrix-sydent package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Improper Certificate Validation

matrix-sydent is a Reference Matrix Identity Verification and Lookup Server

Affected versions of this package are vulnerable to Improper Certificate Validation. If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails.

How to fix Improper Certificate Validation?

Upgrade matrix-sydent to version 2.5.6 or higher.

[,2.5.6)
Go back to all versions of this package