CVE-2019-18835: Improper Verification of Cryptographic Signature
(updated )
Matrix Synapse before mishandles signature checking on some federation APIs. Events sent over /send_join
, /send_leave
, and /invite
may not be correctly signed, or may not come from the expected servers.
References
Detect and mitigate CVE-2019-18835 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →