Matrix-Org Synapse vulnerabilities

CVE-2021-21333 [MEDIUM] CWE-74 CVE-2021-21333: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification fo

CVE-2021-21274 [MEDIUM] CWE-400 CVE-2021-21274: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will c

CVE-2021-21273 [MEDIUM] CWE-601 CVE-2021-21273: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending pus

CVE-2020-26257 [MEDIUM] CWE-79 CVE-2020-26257: Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homese Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. Th