CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21274

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.1%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.3

References

Products affected by CVE-2021-21274

Matrix » Synapse » Version: 0.99.0

cpe:2.3:a:matrix:synapse:0.99.0
Matrix » Synapse » Version: 0.99.1

cpe:2.3:a:matrix:synapse:0.99.1
Matrix » Synapse » Version: 0.99.1.1

cpe:2.3:a:matrix:synapse:0.99.1.1
Matrix » Synapse » Version: 0.99.2

cpe:2.3:a:matrix:synapse:0.99.2
Matrix » Synapse » Version: 0.99.3

cpe:2.3:a:matrix:synapse:0.99.3
Matrix » Synapse » Version: 0.99.3.1

cpe:2.3:a:matrix:synapse:0.99.3.1
Matrix » Synapse » Version: 0.99.3.2

cpe:2.3:a:matrix:synapse:0.99.3.2
Matrix » Synapse » Version: 0.99.4

cpe:2.3:a:matrix:synapse:0.99.4
Matrix » Synapse » Version: 0.99.5

cpe:2.3:a:matrix:synapse:0.99.5
Matrix » Synapse » Version: 0.99.5.2

cpe:2.3:a:matrix:synapse:0.99.5.2
Matrix » Synapse » Version: 1.0.0

cpe:2.3:a:matrix:synapse:1.0.0
Matrix » Synapse » Version: 1.1.0

cpe:2.3:a:matrix:synapse:1.1.0
Matrix » Synapse » Version: 1.10.0

cpe:2.3:a:matrix:synapse:1.10.0
Matrix » Synapse » Version: 1.10.1

cpe:2.3:a:matrix:synapse:1.10.1
Matrix » Synapse » Version: 1.11.0

cpe:2.3:a:matrix:synapse:1.11.0
Matrix » Synapse » Version: 1.11.1

cpe:2.3:a:matrix:synapse:1.11.1
Matrix » Synapse » Version: 1.12.0

cpe:2.3:a:matrix:synapse:1.12.0
Matrix » Synapse » Version: 1.12.1

cpe:2.3:a:matrix:synapse:1.12.1
Matrix » Synapse » Version: 1.12.2

cpe:2.3:a:matrix:synapse:1.12.2
Matrix » Synapse » Version: 1.12.3

cpe:2.3:a:matrix:synapse:1.12.3
Matrix » Synapse » Version: 1.12.4

cpe:2.3:a:matrix:synapse:1.12.4
Matrix » Synapse » Version: 1.13.0

cpe:2.3:a:matrix:synapse:1.13.0
Matrix » Synapse » Version: 1.14.0

cpe:2.3:a:matrix:synapse:1.14.0
Matrix » Synapse » Version: 1.15.0

cpe:2.3:a:matrix:synapse:1.15.0
Matrix » Synapse » Version: 1.15.1

cpe:2.3:a:matrix:synapse:1.15.1
Matrix » Synapse » Version: 1.15.2

cpe:2.3:a:matrix:synapse:1.15.2
Matrix » Synapse » Version: 1.16.0

cpe:2.3:a:matrix:synapse:1.16.0
Matrix » Synapse » Version: 1.16.1

cpe:2.3:a:matrix:synapse:1.16.1
Matrix » Synapse » Version: 1.17.0

cpe:2.3:a:matrix:synapse:1.17.0
Matrix » Synapse » Version: 1.18.0

cpe:2.3:a:matrix:synapse:1.18.0
Matrix » Synapse » Version: 1.19.0

cpe:2.3:a:matrix:synapse:1.19.0
Matrix » Synapse » Version: 1.19.1

cpe:2.3:a:matrix:synapse:1.19.1
Matrix » Synapse » Version: 1.19.2

cpe:2.3:a:matrix:synapse:1.19.2
Matrix » Synapse » Version: 1.19.3

cpe:2.3:a:matrix:synapse:1.19.3
Matrix » Synapse » Version: 1.2.0

cpe:2.3:a:matrix:synapse:1.2.0
Matrix » Synapse » Version: 1.2.1

cpe:2.3:a:matrix:synapse:1.2.1
Matrix » Synapse » Version: 1.20.0

cpe:2.3:a:matrix:synapse:1.20.0
Matrix » Synapse » Version: 1.21.0

cpe:2.3:a:matrix:synapse:1.21.0
Matrix » Synapse » Version: 1.21.1

cpe:2.3:a:matrix:synapse:1.21.1
Matrix » Synapse » Version: 1.21.2

cpe:2.3:a:matrix:synapse:1.21.2
Matrix » Synapse » Version: 1.22.0

cpe:2.3:a:matrix:synapse:1.22.0
Matrix » Synapse » Version: 1.22.1

cpe:2.3:a:matrix:synapse:1.22.1
Matrix » Synapse » Version: 1.23.0

cpe:2.3:a:matrix:synapse:1.23.0
Matrix » Synapse » Version: 1.23.1

cpe:2.3:a:matrix:synapse:1.23.1
Matrix » Synapse » Version: 1.24.0

cpe:2.3:a:matrix:synapse:1.24.0
Matrix » Synapse » Version: 1.3.0

cpe:2.3:a:matrix:synapse:1.3.0
Matrix » Synapse » Version: 1.3.1

cpe:2.3:a:matrix:synapse:1.3.1
Matrix » Synapse » Version: 1.4.0

cpe:2.3:a:matrix:synapse:1.4.0
Matrix » Synapse » Version: 1.4.1

cpe:2.3:a:matrix:synapse:1.4.1
Matrix » Synapse » Version: 1.5.0

cpe:2.3:a:matrix:synapse:1.5.0
Matrix » Synapse » Version: 1.5.1

cpe:2.3:a:matrix:synapse:1.5.1
Matrix » Synapse » Version: 1.6.0

cpe:2.3:a:matrix:synapse:1.6.0
Matrix » Synapse » Version: 1.6.1

cpe:2.3:a:matrix:synapse:1.6.1
Matrix » Synapse » Version: 1.7.0

cpe:2.3:a:matrix:synapse:1.7.0
Matrix » Synapse » Version: 1.7.1

cpe:2.3:a:matrix:synapse:1.7.1
Matrix » Synapse » Version: 1.7.2

cpe:2.3:a:matrix:synapse:1.7.2
Matrix » Synapse » Version: 1.7.3

cpe:2.3:a:matrix:synapse:1.7.3
Matrix » Synapse » Version: 1.8.0

cpe:2.3:a:matrix:synapse:1.8.0
Matrix » Synapse » Version: 1.9.0

cpe:2.3:a:matrix:synapse:1.9.0
Matrix » Synapse » Version: 1.9.1

cpe:2.3:a:matrix:synapse:1.9.1
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21274

Products

Pricing

Contact Us