[Pkg-matrix-maintainers] Bug#1000451: matrix-synapse: Path traversal when downloading remote media (CVE-2021-41281)
Benedikt Wildenhain (BO)
benedikt.wildenhain at hs-bochum.de
Tue Nov 23 12:37:41 GMT 2021
Package: matrix-synapse
Severity: important
Dear Maintainer,
Synapse up to 1.47.0 contains a security problem which allows writing
files outside of the configured directory for downloads.
See https://github.com/matrix-org/synapse/commits/v1.47.1
and in the future also
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281
Regards,
Benedikt Wildenhain