FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-matrix-synapse -- several vulnerabilities

Affected packages
py310-matrix-synapse < 1.47.1
py36-matrix-synapse < 1.47.1
py37-matrix-synapse < 1.47.1
py38-matrix-synapse < 1.47.1
py39-matrix-synapse < 1.47.1


VuXML ID 27aa2253-4c72-11ec-b6b9-e86a64caca56
Discovery 2021-11-18
Entry 2021-11-23

Matrix developers report:

This release patches one high severity issue affecting Synapse installations 1.47.0 and earlier using the media repository. An attacker could cause these Synapses to download a remote file and store it in a directory outside the media repository.

Note that:


CVE Name CVE-2021-41281
FreeBSD PR ports/259994