CVE-2021-29471: Uncontrolled Resource Consumption
Synapse is a Matrix reference homeserver written in Python. Matrix is an ecosystem for open, federated instant messaging and VoIP. In Synapse, push rules can specify conditions under which they will match, including `event_match`, which matches event content against a pattern that may include wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial of service when processing events of moderate length. The issue is patched. A potential workaround is to prevent users from creating custom push rules by blocking such requests at a reverse proxy.