FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-matrix-synapse -- unbounded recursion in urlpreview

Affected packages
py310-matrix-synapse < 1.61.1
py311-matrix-synapse < 1.61.1
py37-matrix-synapse < 1.61.1
py38-matrix-synapse < 1.61.1
py39-matrix-synapse < 1.61.1

Details

VuXML ID 07c0d782-f758-11ec-acaa-901b0e9408dc
Discovery 2022-06-28
Entry 2022-06-29

Matrix developers report:

This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process.

Note that:

References

CVE Name CVE-2022-31052
URL https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1