CVE-2018-16515: Improper Verification of Cryptographic Signature

September 18, 2018 (updated October 3, 2019)

Synapse allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

References

matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
nvd.nist.gov/vuln/detail/CVE-2018-16515

Detect and mitigate CVE-2018-16515 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →