CVE-2024-53867

Published December 3rd, 2024

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.

matrix-org/matrix-spec-proposals

Proposals for changes to the matrix specification

GitHub

1.23K

element-hq/synapse

Synapse: Matrix homeserver written in Python/Twisted + Rust

GitHub

4.26K