CVE-2021-21393: Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
(updated )
Missing input validation of some parameters on the groups (also known as communities) endpoints could cause excessive use of disk space and memory leading to resource exhaustion. Additionally clients may have issues rendering large fields.
References
- github.com/advisories/GHSA-jrh7-mhhx-6h88
- github.com/matrix-org/synapse
- github.com/matrix-org/synapse/commit/3f58fc848d0002de4605bed91603a1f9f245d128
- github.com/matrix-org/synapse/commit/d2f0ec12d5c8f113095408888e87e191ac546499
- github.com/matrix-org/synapse/pull/9321
- github.com/matrix-org/synapse/pull/9393
- github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
- github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-26.yaml
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
- nvd.nist.gov/vuln/detail/CVE-2021-21393
- pypi.org/project/matrix-synapse
Detect and mitigate CVE-2021-21393 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →