CVE-2021-29432: Malicious users could abuse Sydent to control the content of invitation emails
A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example.
References
- github.com/advisories/GHSA-mh74-4m5g-fcjx
- github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42
- github.com/matrix-org/sydent/releases/tag/v2.3.0
- github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx
- github.com/pypa/advisory-database/tree/main/vulns/matrix-sydent/PYSEC-2021-23.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-29432
- pypi.org/project/matrix-sydent