FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-matrix-synapse -- several vulnerabilities

Affected packages
py310-matrix-synapse < 1.47.1
py36-matrix-synapse < 1.47.1
py37-matrix-synapse < 1.47.1
py38-matrix-synapse < 1.47.1
py39-matrix-synapse < 1.47.1

Details

VuXML ID 27aa2253-4c72-11ec-b6b9-e86a64caca56
Discovery 2021-11-18
Entry 2021-11-23

Matrix developers report:

This release patches one high severity issue affecting Synapse installations 1.47.0 and earlier using the media repository. An attacker could cause these Synapses to download a remote file and store it in a directory outside the media repository.

Note that:

[source]

References

CVE Name CVE-2021-41281
FreeBSD PR ports/259994
URL https://matrix.org/blog/2021/11/23/synapse-1-47-1-released

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.