py-matrix-synapse -- unbounded recursion in urlpreview

Affected packages
py310-matrix-synapse < 1.61.1
py311-matrix-synapse < 1.61.1
py37-matrix-synapse < 1.61.1
py38-matrix-synapse < 1.61.1
py39-matrix-synapse < 1.61.1


VuXML ID 07c0d782-f758-11ec-acaa-901b0e9408dc
Discovery 2022-06-28
Entry 2022-06-29

Matrix developers report:

This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process.

CVE Name CVE-2022-31052