CVE-2021-21274 – Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). …

26 February 2021

Vuln ID: CVE-2021-21274

Published: 2021-02-26 18:15:12Z

Description: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.

Source: NVD.NIST.GOV

Date:

26 February 2021

Categorie(s):

NVD

Tag(s):

NVD

11% of Cybersecurity Teams Have Zero Women25 April 2024
56% of cyber insurance claims originate in the email inbox25 April 2024
The end of non-compete agreements is a tech job earthquake25 April 2024
Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response25 April 2024
Innovating at the Edge of Technology with Kerem Koca, CEO of BlueCloud25 April 2024