CVE-2021-32659: Missing Authentication for Critical Function

June 16, 2021 (updated July 9, 2021)

If a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance.), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room.

References

nvd.nist.gov/vuln/detail/CVE-2021-32659

Detect and mitigate CVE-2021-32659 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →