Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Synapse | Matrix | * | 0.33.3.1 (excluding) |
Matrix-synapse | Ubuntu | bionic | * |
Matrix-synapse | Ubuntu | cosmic | * |
Matrix-synapse | Ubuntu | esm-apps/bionic | * |
Matrix-synapse | Ubuntu | upstream | * |